Securing Thailand’s Digital Future

Written By Aizat Sultan

The Rising Cyber Threats and How Thai Enterprises Can Stay Ahead

As Thailand’s digital transformation accelerates, cyber threats are becoming more pervasive and destructive. According to the report Cybersecurity in ASEAN: Navigating the Evolving Threat Landscape, the most pressing concerns across the region include phishing attacks (42.9%), malware and ransomware (37%), and a shortage of cybersecurity talent (37%)—challenges that Thai enterprises are experiencing with growing intensity.

The Cybersecurity in ASEAN: Navigating the Evolving Threat Landscape report provides a comprehensive analysis of these evolving threats and underscores the urgent need for Thai businesses to strengthen their security posture and invest in proactive defence measures.

📖 Read more on Cybersecurity in ASEAN: Navigating the Evolving Threat Landscapehere.

Yet, amidst these challenges, there is momentum. Businesses and government agencies in Thailand are aligning strategies and budgets to safeguard critical digital assets. The central question remains: How can Thai enterprises fortify their defences against intensifying cyber threats while preserving business agility and growth?

The Growing Cyber Threat Landscape

As Thailand accelerates its digital transformation, the nation faces an increasingly complex and aggressive cyber threat landscape. Recent data indicates that cyberattacks in Thailand are 70% higher than the global average, with phishing and banking scams being particularly prevalent. 

Evolving Attack Vectors

In 2024, Thailand experienced a significant surge in scam communications, with 168 million scam calls and SMS messages detected, marking a 112% increase from the previous year. This escalation is largely attributed to the adoption of advanced technologies by cybercriminals, including generative AI, which has enhanced the sophistication and frequency of attacks. 

Financial phishing attacks have also seen a dramatic rise. In the first half of 2024, over 141,000 financial phishing attempts were recorded in Thailand, targeting both individuals and organisations. These attacks often involve impersonation of banking and e-commerce platforms, aiming to steal sensitive financial information.

Phishing & Social Engineering

Phishing remains a dominant threat vector in Thailand. The country has been identified as having the highest rate of financial phishing attacks in Southeast Asia, with a 41% increase compared to the previous year. Cybercriminals employ sophisticated social engineering techniques, leveraging AI to create convincing fake communications that deceive users into divulging personal information.

According to the Bangkok Post, the impact of these attacks is profound. Over the past two years, Thai bank customers have suffered losses exceeding 60 billion baht due to online financial fraud. This underscores the urgent need for enhanced cybersecurity measures and increased public awareness to combat the evolving tactics of cybercriminals.

Shortage of Cybersecurity Talent

Thailand's rapid digital transformation has led to a burgeoning demand for cybersecurity professionals. However, this growth has also highlighted a significant skills gap in the sector. Recent studies reveal that 72% of Thai organisations report increased operational risks due to the shortage of qualified cybersecurity personnel. This talent deficit not only hampers proactive threat management but also extends the average cyber recovery time to 4.3 months, notably longer than the global average.

The sectors most affected include government, financial services, and manufacturing, which are among the top spenders on cybersecurity solutions. Despite their investments, the lack of skilled professionals has led to a rise in security breaches, with 68% of Thai organisations experiencing one or more incidents in the past year.

National Strategies and Regulatory Shifts

Cybersecurity Act B.E. 2562 (2019)

Enacted in 2019, the Cybersecurity Act B.E. 2562 establishes a legal foundation for safeguarding the nation's Critical Information Infrastructure (CII). The Act empowers the National Cyber Security Committee (NCSC) to oversee and enforce cybersecurity measures across both public and private sectors. Key provisions include mandatory risk assessments, the implementation of robust security protocols, and adherence to incident reporting requirements. The legislation aims to enhance Thailand's resilience against cyber threats and ensure a coordinated response to incidents.

National Cybersecurity Strategy (2023–2027)

To further strengthen its cybersecurity posture, Thailand has introduced the National Security Policy and Plan for 2023–2027. This strategic framework emphasises proactive threat intelligence sharing, regular audits of governmental and critical infrastructure systems, and compulsory cybersecurity training for public sector employees. By aligning with international best practices, the strategy fosters cross-sector collaboration, particularly in vital industries such as finance, telecommunications, and energy.

Personal Data Protection Act (PDPA) B.E. 2562 (2019)

Complementing the Cybersecurity Act, the Personal Data Protection Act (PDPA) B.E. 2562, effective from June 1, 2022, imposes stringent obligations on organisations to protect personal data and uphold individual privacy rights. The PDPA mandates that entities obtain explicit consent for data collection, implement appropriate security measures, and ensure transparency in data processing activities. This dual legislative approach underscores Thailand's commitment to both operational security and the protection of personal information.

Addressing Evolving Attack Vectors: Phishing and Social Engineering

Recognising the rise in sophisticated cyberattacks, particularly phishing and social engineering schemes, Thailand's regulatory bodies have intensified efforts to combat these threats. The National Cyber Security Agency (NCSA) is developing a cyber fraud insurance framework to help businesses manage risks associated with cyberattacks and data breaches. This initiative aims to provide financial protection and encourage the adoption of robust cybersecurity practices among organisations.

Mitigating the Shortage of Cybersecurity Talent

The shortage of cybersecurity professionals poses a significant challenge to Thailand's digital security. To bridge this gap, the government has set an ambitious goal to create 100,000 cybersecurity jobs by 2024. This initiative is part of a broader strategy to secure the nation's digital economy and mitigate risks associated with the current talent shortage.

Furthermore, the NCSA's partnership with (ISC)² to provide free training and certification is a strategic move to enhance the country's cybersecurity workforce. By equipping individuals with essential skills and certifications, Thailand aims to strengthen its defence against evolving cyber threats.

International Collaboration

Understanding that cyber threats transcend national borders, Thailand actively engages in regional and international cooperation. Collaborations with entities such as the ASEAN Computer Emergency Response Team (ASEAN-CERT) facilitate the sharing of threat intelligence and best practices in incident response. These efforts aim to enhance collective cybersecurity resilience and address challenges that extend beyond national boundaries.

How Thai Enterprises Are Responding

Increased Budget and Board-Level Visibility

In Thailand, a growing understanding of how severely a cyber incident can damage brand reputation and financial stability is driving more corporate boards to treat cybersecurity as a top priority. According to Cybersecurity in ASEAN: Navigating the Evolving Threat Landscape, 46.2% of ASEAN enterprises—including those in Thailand—plan to increase cybersecurity budgets in the next year to improve threat monitoring, employee training, and incident response. 

This aligns with the Thai government’s focus on safeguarding critical information infrastructure through the Cybersecurity Act B.E. 2562 (2019) and updated guidelines from the National Cyber Security Agency (NCSA) Thailand, which stress that boards must ensure adequate cybersecurity investments and governance.

Consolidating and Upgrading Security Solutions

Thai enterprises are increasingly modernising their security technology stacks, shifting toward centralised platforms while maintaining a best-of-breed approach for critical areas like endpoint detection, identity management, and email security. This approach allows businesses to enhance security while maintaining flexibility to adopt specialised solutions for key risks.

Advanced Info Service (AIS), Thailand’s leading mobile operator, highlights the importance of cybersecurity governance in ensuring clear accountability and dedicated budgets for security.

Similarly, Mitr Phol Group, a prominent player in Thailand's sugar and bio-based products industry, emphasises the need for a balanced cybersecurity approach.

These insights reflect a broader trend among Thai organisations striving to enhance their cyber resilience. By modernising security structures and adopting integrated yet flexible approaches, these enterprises aim to build cybersecurity frameworks that balance independence with business alignment.

Strategic Workforce Development

With the shortage of cybersecurity professionals, Thai organisations are increasingly leveraging automation to fill critical gaps in security operations. AI-driven threat detection and automated incident response tools help businesses reduce manual workloads, improve response times, and strengthen security postures.

This shift toward security automation not only addresses workforce constraints but also enables Thai businesses to scale cybersecurity operations efficiently, mitigating risks without relying solely on human intervention. By combining targeted workforce development with AI-driven security automation, Thailand is strengthening its cyber resilience in an era of increasing digital threats.

Conclusion

Thailand’s cybersecurity landscape has reached a pivotal juncture. As the country embraces rapid digitalisation, the need to secure its infrastructure against evolving threats has never been more pressing. With the right mix of government regulation, enterprise innovation, and workforce development, Thai businesses can confidently chart a secure digital future.

Read more on Cybersecurity in ASEAN: Navigating the Evolving Threat Landscape here.

If you are interested to be involved or participate in our upcoming activities, do drop us a note at aibp@industry-platform.com

Aizat Sultan
Previous

Cutting Through the Noise: Making AI Investments Work for Thai Businesses
Next

[PRESS RELEASE] CISOs & IT Leaders Prioritising Greater Security Program Investment in 2025,ASEAN Innovation Business Platform Report Reveals