Gautam Ramachandran, Senior Director of Marketing at Zimbra, revealed that Thailand faced over 1,000 cyber incidents in just the first five months of 2025. According to the National Cyber Security Committee (NCSC), more than 60% of Thai organizations have suffered data breaches, and over half have paid ransoms to recover.

Phishing Makes Thailand a Prime Target
Phishing remains the most common form of cyberattack. Cisco Talos reported more than 300,000 phishing attempts targeting Thai businesses in 2024, placing Thailand among the top financial phishing targets in Southeast Asia.

Business Email Compromise (BEC) attacks — where criminals impersonate executives to steal money or data — have also inflicted significant financial and reputational damage. These trends highlight a critical truth: email must be treated as a top priority for national cybersecurity.

Email as Critical Infrastructure
As Thailand’s digital economy expands, email systems should be recognized as critical infrastructure — on par with transport, energy, and finance.

The country’s Personal Data Protection Act (PDPA), enforced since 2022, has raised the bar for responsible data handling. More recently, national cybersecurity standards issued in 2024 require operators of critical systems, including government platforms and vital infrastructure, to store operational data within Thailand. Backup data must also remain onshore or within ASEAN states.

While designed to safeguard national interests and reduce dependency on foreign infrastructure, many private-sector organizations in Thailand still rely heavily on global cloud providers. Thailand’s cloud infrastructure market reached USD 4.08 billion in 2024 and continues to grow, mostly dominated by offshore providers despite new local data centers coming online.

This reliance raises compliance risks and reduces control in the event of data breaches. For sectors such as government, education, and finance, migrating email systems onshore is increasingly becoming not just a best practice — but a legal and strategic necessity.

AI-Driven Cyber Threats Escalate
AI is reshaping the cybersecurity threat landscape in Thailand, with email at the frontline. A Fortinet-IDC survey in 2025 found that 58% of Thai organizations had already faced AI-driven cyberattacks.

AI-generated phishing emails are now more convincing and harder to detect, while “shadow AI” — unapproved tools adopted by employees — is introducing new vulnerabilities into organizational systems.

To address this, organizations must strengthen the most targeted entry point: the inbox. Secure email platforms with real-time threat detection, identity protection, and AI-specific security policies are now essential.

Building Cyber Resilience from the Ground Up
The Thai government has declared 2025 the “Year of Cybersecurity.” But experts warn that policies alone are not enough. True resilience requires building secure infrastructure at the foundation — with data stored locally, robust built-in security, rapid incident response, and ongoing workforce training.

Organizations must also prepare clear incident response strategies and partner with local providers who understand Thailand’s legal and business context.

Ultimately, email remains the backbone of trust in the digital economy. Decisions made today about securing email infrastructure will shape Thailand’s ability to grow, adapt, and protect its most vital assets in the future.

As Thailand advances toward digital leadership, this is the moment to reinforce its vision with secure, sovereign, and future-ready infrastructure capable of withstanding the challenges ahead.

https://www.bangkokbiznews.com/tech/gadget/1196758