Kaspersky is urging Philippine banks to treat new cybersecurity regulations from the Bangko Sentral ng Pilipinas as an opportunity to strengthen their security posture rather than simply comply with regulatory requirements.
The warning comes as the BSP rolls out Circular No. 1232, introducing the Supervisory Assessment Framework (SAFr) and the Cybersecurity Control Self-Assessment (CCSA) for banks and BSP-supervised financial institutions (BSFIs). The updated framework requires institutions to regularly evaluate and report the effectiveness of their cybersecurity controls.
According to Kaspersky, the new rules arrive at a critical time as cyber threats continue to escalate globally. The company cited a 2025 report from the Security Operations Center Capability Maturity Model (SOC-CMM), which found that 58% of organizations worldwide are failing to meet their own cybersecurity maturity targets.
Heng Lee, Kaspersky’s Director of Government Affairs and Public Policy for Asia Pacific, said compliance alone is no longer enough for financial institutions facing increasingly sophisticated cyberattacks.
Kaspersky advised banks to use CCSA findings as actionable intelligence rather than regulatory paperwork, especially when assessments expose weaknesses in security operations center (SOC) maturity, threat detection, or incident response readiness.
The cybersecurity firm also encouraged banks to adopt international security maturity frameworks such as SOC-CMM to gain a more comprehensive understanding of their cyber resilience across people, processes, and technologies.
Another issue highlighted by Kaspersky is the tendency of many security operations centers to operate reactively, focusing on processing large volumes of alerts instead of improving detection quality and preventing threats at the source.
The company emphasized that financial institutions should measure cybersecurity performance not only by response speed, but also by detection accuracy and overall resilience — metrics that are increasingly important under the BSP’s updated regulatory framework.
