Cybersecurity & Information SecurityGold report

Published May 2026Insight Research23 min read2026 Edition15 sources, 15 primary-gradeVery high source depth

Thailand Cybersecurity & Information Security Market Intelligence

Thai infosec spend approximately THB 18.4B in 2025 on PDPA, Cybersecurity Act 2019, BoT cyber-resilience and a 240% jump in nation-state campaigns. NCSA enforces a seven-sector CII regime; listed Thai SIs G-Able and MFEC, telco MSSPs and global vendors share the stack.

Key takeaways

1
Thai information-security end-user spend approximately in 2025 (Gartner), up roughly YoY from in 2024 and around higher than 2021. Growth rate sits well above the global infosec average of only because the Thai base is small relative to mature markets.
2
NCSA's Cybersecurity Act 2019 CII regime now covers seven sectors (security, public service, finance, ICT, transportation, energy, public health). A July 2025 draft amendment extends regulatory oversight to cloud service providers and data-centre operators hosting CII workloads.
3
Listed Thai SI layer: G-Able (SET: GABLE, FY2024 revenue, growth target FY2025) and MFEC (SET: MFEC, 25-year track record, 24x7 SOC) lead local cybersecurity, cloud and identity delivery, with recurring revenue mix.
4
Telco MSSP layer: AIS Cyber Hawk, NT Cybersecurity, True Digital Security bundle carrier-grade DDoS, SOC, identity with connectivity. Global MSSP layer: NTT Thailand, IBM Security, Verizon. Channel-led global vendors: Palo Alto Networks, Fortinet, Check Point, Cisco, CrowdStrike, Trend Micro.
5
Threat landscape: Thai organisations averaged around 3,180 cyber attacks per week per organisation Aug 2024 to Jan 2025 (Check Point), versus a global average of 1,843. YoY increase in nation-state campaigns; Ministry of Labour, healthcare and finance the biggest 2024-2025 targets.
6
Our read: Thai cybersecurity is a regulatory-led growth market, not a vendor-led one. The structural tailwinds are PDPA enforcement, NCSA CII designation expansion, BoT cyber-resilience rules, and SEC disclosure expectations. Local SIs and telco MSSPs capture the labour layer; global vendors hold the platform layer; post-quantum cryptography is the 2028-2030 forcing function.

Executive summary

Thailand's information-security end-user spend reached approximately in 2025 (Gartner Thailand forecast), up roughly YoY from in 2024 and around higher than the baseline in 2021. The growth rate sits above the developed-market average because the Thai base is small relative to GDP, and because PDPA 2019, the Cybersecurity Act 2019, BoT cyber-resilience rules and SEC cyber disclosure expectations are all binding at the same time. Spend is not concentrated in any one bucket: network security and next-generation firewalls run around , MSSP and SOC services , identity and privileged access management , cloud workload protection , endpoint and EDR , GRC and compliance , and incident response and training .^{[, ]}

Regulator landscape is multi-headed but coordinated. NCSA (National Cyber Security Agency) sits under the National Cyber Security Committee and enforces the Cybersecurity Act 2019 across seven CII sectors (security, public service, finance and banking, ICT, transportation, energy, public health). A September 2025 NCSC notification refreshed the official CII list, and a July 21, 2025 draft amendment proposes to extend regulatory oversight to cloud service providers and data-centre operators hosting CII workloads. The PDPC (Office of the Personal Data Protection Committee) enforces PDPA 2019, with breach-notification timelines that must be harmonised against NCSA reporting duties. The Bank of Thailand publishes the Cyber Resilience Assessment Framework, issued Notification 4/2568 on mobile-banking security in March 2025, and released the AI Risk Management Guidelines for Financial Service Providers in September 2025. The SEC publishes cyber-incident disclosure expectations for SET-listed entities, and OIC covers insurer cybersecurity.^{[, , , ]}

Operator landscape splits into three stacks. The listed Thai SI layer (G-Able, MFEC) delivers cybersecurity inside broader IT-services portfolios with recurring SOC, identity and cloud-security revenue at of mix. The telco MSSP layer (AIS Cyber Hawk, NT Cybersecurity, True Digital Security) bundles carrier-grade DDoS mitigation, identity and SOC with connectivity for Thai enterprise and public-sector accounts. The global vendor layer (Palo Alto Networks, Fortinet, Check Point, Cisco, CrowdStrike, Trend Micro, Microsoft, Okta) sells platform licences through channel partners and increasingly direct enterprise accounts. Threat data underlines the demand. Check Point counted around 3,180 cyber attacks per week per Thai organisation Aug 2024 to Jan 2025, versus a global average of 1,843. Group-IB tracked 139 hacktivist attacks during the July-August 2025 Cambodia-Thailand escalation and a YoY jump in nation-state campaigns in 2024.^{[, , , , , ]}

Gartner, NCSA, PDPC, BoT, SEC, listed SI factsheets, Group-IB, CDIC

Data as of: 2024-2025

Thai information-security end-user spend (THB billion, 2022-2025)

2022

Spend (THB B)

13.0

YoY %

+13%

Context

PDPA in force June 2022; first BoT cyber-resilience inspections

2023

Spend (THB B)

14.7

YoY %

+13%

Context

MOVEit, ransomware wave hits Thai banks and SET-listed firms

2024

Spend (THB B)

16.4

YoY %

+12%

Context

240% jump in nation-state campaigns; CII designation expansion

2025

Spend (THB B)

18.4

YoY %

+12%

Context

BoT Notification 4/2568, AI Risk Guidelines, draft Cybersecurity Act amendment

Year	Spend (THB B)	YoY %	Context
2022	13.0	+13%	PDPA in force June 2022; first BoT cyber-resilience inspections
2023	14.7	+13%	MOVEit, ransomware wave hits Thai banks and SET-listed firms
2024	16.4	+12%	240% jump in nation-state campaigns; CII designation expansion
2025	18.4	+12%	BoT Notification 4/2568, AI Risk Guidelines, draft Cybersecurity Act amendment

Gartner Thailand infosec forecast, BoT, NCSA

Data as of: 2025 forecast

Service category mix (% of 2025 infosec spend)

Network, firewall, NGFW, SASE

Share %

26%

Notes

Palo Alto, Fortinet, Check Point dominate; carrier MSSP bundles

Managed security, MSSP, SOC, MDR

Share %

22%

Notes

G-Able, MFEC, AIS Cyber Hawk, NTT, True Digital Security

Identity, IAM, privileged access

Share %

14%

Notes

Microsoft Entra, Okta, ManageEngine, CyberArk; BoT MFA mandates

Cloud workload, CSPM, CNAPP

Share %

12%

Notes

Wiz, Prisma Cloud, Trend Micro Cloud One via channel

Endpoint, EDR, XDR

Share %

11%

Notes

CrowdStrike Falcon, Microsoft Defender, Trend Micro, SentinelOne

GRC, PDPA compliance, audit, advisory

Share %

Notes

Big-4 audit, Tilleke, Baker McKenzie, ACIS Professional Center

Incident response, forensics, training

Share %

Notes

Group-IB, Mandiant, Kaspersky, local IR retainers

Category	Share %	Notes
Network, firewall, NGFW, SASE	26%	Palo Alto, Fortinet, Check Point dominate; carrier MSSP bundles
Managed security, MSSP, SOC, MDR	22%	G-Able, MFEC, AIS Cyber Hawk, NTT, True Digital Security
Identity, IAM, privileged access	14%	Microsoft Entra, Okta, ManageEngine, CyberArk; BoT MFA mandates
Cloud workload, CSPM, CNAPP	12%	Wiz, Prisma Cloud, Trend Micro Cloud One via channel
Endpoint, EDR, XDR	11%	CrowdStrike Falcon, Microsoft Defender, Trend Micro, SentinelOne
GRC, PDPA compliance, audit, advisory	9%	Big-4 audit, Tilleke, Baker McKenzie, ACIS Professional Center
Incident response, forensics, training	6%	Group-IB, Mandiant, Kaspersky, local IR retainers

Gartner, CDIC vendor census, channel-partner disclosures

Data as of: 2025

Analyst framing

Why this report

Thai cybersecurity is a regulatory-led market: PDPA, Cybersecurity Act 2019 CII, BoT cyber-resilience and SEC disclosure are the drivers, not vendor marketing. Listed Thai SIs (G-Able, MFEC), telco MSSPs (AIS, NT, True), and global vendors (Palo Alto, Fortinet, Trend Micro, CrowdStrike, Microsoft) share a layered stack; post-quantum cryptography is the 2028-2030 forcing function.

Operator playbooks

G-Able (SET: GABLE): listed Thai system integrator with cybersecurity, cloud, data and identity practice inside a broader IT-services portfolio. FY2024 revenue around THB 6.17B; FY2025 target 5-10% growth with 40-50% recurring revenue mix. Strategic: structural beneficiary of CII compliance demand; channel partner to Palo Alto, Fortinet, Microsoft. Relevant for mid-market and large Thai banks, telcos, energy operators needing local SOC and managed services in Thai language.

MFEC (SET: MFEC): listed Thai technology firm with 25-year track record; comprehensive cybersecurity practice branded as Managed Security Service Provider (MSSP) with 24x7 SOC, system deployment, design and incident response. Strategic: public-sector contract strength via regulatory and cultural fluency; channel partner to multiple global platforms. Recent 2025 strategy pivot to AI plus security plus cost optimisation under MFEC Inspire 2025.

AIS Cyber Hawk: AIS-affiliated MSSP that bundles carrier-grade DDoS mitigation, SOC, identity and endpoint with connectivity and cloud for Thai enterprise. Telco-MSSP advantage is co-located network visibility and Thai-language operations. Competes with NT Cybersecurity (state telco) and True Digital Security for the same telco-anchored enterprise accounts.

NTT Thailand: local NTT Ltd. entity delivering managed cybersecurity, advisory and consulting across the same global service catalogue as NTT in Singapore, Tokyo, US. Strategic: global SLA credibility for multinationals operating in Thailand, particularly Japanese manufacturers and banks; advanced threat detection and incident response retainers.

Trend Micro Thailand: Japanese global vendor selling endpoint, XDR and cloud workload protection through Thai channel partners (G-Able, MFEC, ACIS, BluePrint). Long-standing CDIC sponsor with deep Thai practitioner mindshare. Strategic: incumbent across SET-listed enterprises and Thai government; defending share against CrowdStrike and Microsoft Defender expansion.

Palo Alto Networks: dominant US firewall, NGFW, SASE and XSIAM vendor across Thai banks, energy, public sector. Channel partners include G-Able, MFEC, ACIS Professional Center, NTT, True Digital Security. Strategic: platformisation play, with Prisma Cloud, XSIAM and Cortex XDR cross-sold into established firewall accounts. Competing intensely with Fortinet (price), Check Point (mid-tier), and Microsoft (bundled).

Operator concentration (estimated 2025 cybersecurity service spend share)

G-Able (SET: GABLE)

Share %

14%

Kind

Listed Thai SI

Notes

THB 6.17B FY2024 revenue across IT services; cyber a high-margin sub-line

AIS Cyber Hawk

Share %

12%

Kind

Telco MSSP

Notes

AIS-affiliated; carrier-grade DDoS, SOC, identity

MFEC (SET: MFEC)

Share %

10%

Kind

Listed Thai SI

Notes

25-year track record; 24x7 MSSP SOC

NTT Thailand

Share %

Kind

Global MSSP

Notes

NTT Ltd. local entity; multinational accounts

Trend Micro Thailand

Share %

Kind

Global vendor

Notes

Japanese parent; channel-led endpoint, XDR, cloud

Palo Alto Networks

Share %

Kind

Global vendor

Notes

Channel-led; SET-listed firms, banks, energy

Other (global vendors, in-house SOC, long tail)

Share %

43%

Kind

Mixed

Notes

Fortinet, Check Point, Cisco, CrowdStrike, Microsoft, ACIS, BluePrint, Crucible, captive bank SOC

Operator	Share %	Kind	Notes
G-Able (SET: GABLE)	14%	Listed Thai SI	THB 6.17B FY2024 revenue across IT services; cyber a high-margin sub-line
AIS Cyber Hawk	12%	Telco MSSP	AIS-affiliated; carrier-grade DDoS, SOC, identity
MFEC (SET: MFEC)	10%	Listed Thai SI	25-year track record; 24x7 MSSP SOC
NTT Thailand	8%	Global MSSP	NTT Ltd. local entity; multinational accounts
Trend Micro Thailand	7%	Global vendor	Japanese parent; channel-led endpoint, XDR, cloud
Palo Alto Networks	6%	Global vendor	Channel-led; SET-listed firms, banks, energy
Other (global vendors, in-house SOC, long tail)	43%	Mixed	Fortinet, Check Point, Cisco, CrowdStrike, Microsoft, ACIS, BluePrint, Crucible, captive bank SOC

CDIC vendor census, listed SI factsheets, channel-partner disclosures

Data as of: 2025

Unlock the full report

Operator playbooks, regulator roadmap, threat landscape, post-quantum readiness, scenarios, and full company list.

Unlock full report·$299-$349

Need more than the web report? Ask for a scoped export or source appendix.

Every report keeps visible citations and source metadata. Terms.

Key figures

Selected anchors from the report evidence pack.

2020-2025 (IDC and Gartner end-user spending)

~USD 770-820M (2025e)

Thailand cybersecurity end-user spending (2020-2025)

IDC Thailand Security Spending Guide, Gartner Asia-Pacific Information Security tracker, National Cyber Security Agency

FY2024

Banking ~32%, Govt ~22%, Telecom ~16%

Thailand cybersecurity spend by sector (2024)

IDC Thailand Security Spending Guide, NCSA sector outlook, Bank of Thailand IT-risk supervision data

2020-2024 (PDPC published decisions)

~30+ formal actions (2024)

PDPA enforcement actions by PDPC (2020-2024)

Office of the Personal Data Protection Committee, Baker McKenzie Thailand PDPA tracker, Tilleke and Gibbins data-protection bulletin

2024-2025 (publicly disclosed)

~20+ disclosed incidents

Publicly disclosed major Thai breaches (2024-2025)

ThaiCERT advisories, NCSA, Bangkok Post Tech, Group-IB Asia threat intelligence reports

FY2024

~38% of large enterprises (2024)

Identity and access management platform adoption

IDC Thailand Identity and Access Management tracker, Okta, Microsoft Entra ID Thailand channel disclosures, Bank of Thailand IT-risk guidance

FY2024

~12-14% (2024)

AI and ML-driven security tooling spend share

IDC Thailand Security Spending Guide, Gartner AI-augmented security tracker, NCSA and Bank of Thailand technology supervision

2023-2025 cumulative

~USD 18-25M cumulative (2023-2025)

Post-quantum cryptography readiness investment

NCSA, NIST Post-Quantum Cryptography standardisation, Bank of Thailand IT-resilience guidance, IBM and Thales Thailand channel

FY2024

~25,000-35,000 unfilled roles

Thailand cybersecurity workforce gap

National Cyber Security Agency, Thai Information Security Association, Ministry of Digital Economy and Society

Related reports

Thai Cybersecurity MSSP and Critical Information Infrastructure Act

Thai cybersecurity market is structured around three layers: (a) Managed Security Service Provider (MSSP) operators serving SME-to-enterprise SOC outsourcing — G-Able (Thai-listed IT services), AIS Cyber Hawk (telco-affiliated), NTT Data Thailand, IBM Thailand, Accenture Thailand, Deloitte; (b) in-house Security Operations Centre (SOC) builds at Big-4 Thai banks (BBL, KBANK, SCB, KTB, BAY) plus telcos (AIS, True), energy (PTT group, EGAT), and selected manufacturers; (c) Critical Information Infrastructure (CII) Act 2019 compliance regime administered by NCSA (National Cyber Security Agency). CII Act sectors: finance, telecommunications, energy, transport, government services. Mandates incident reporting, security audits, and minimum-security-controls. PDPA (2019), CII Act overlap drives bank/insurer compliance spend; NCSA-issued sector guidelines (banking via BOT, telco via NBTC, energy via ERC). Thai cybersecurity skills shortage parallels AI-talent shortage; SOC analyst salaries THB 60-150k/month (junior to senior); CISO/CSO THB 250-500k+/month. The structural-investor read: bank/telco/energy SOC build is structural compliance demand; MSSP operators capture mid-market spend. Watch NCSA CII Act enforcement cadence and ransomware-incident frequency as 2026-2028 indicators.

Open report →

Thai Cyber Security: Public-Private Build-Out and PDPA Enforcement

Thailand's National Cyber Security Agency (NCSA) logged 1,002 cyber incidents in the first 5 months of 2025 per Nation Thailand. 63% of Thai organisations experienced data breaches in 2025 and 52% admitted to paying ransom per Chiang Rai Times. Breach costs ranged USD 430K to USD 1.4M, prompting a structural surge in corporate demand for cyber insurance. The 2025 NCSA notification expanded the Critical Information Infrastructure (CII) classification to include cloud platforms, data centres, and managed IT services per Lexology, materially extending the regulatory perimeter beyond traditional public-sector entities. CII operators face mandatory NCSA-approved cyber-control standards, periodic risk assessments and technical audits, statutory incident-reporting timeframes, and cooperation with investigations. The Cybersecurity Act and PDPA now operate as a coordinated enforcement stack — PDPC issued more than THB 21.5M in fines across five cases in 2025 for security and breach-notification failures. The structural compliance question for Thai operators is no longer awareness; it is execution capacity (technical controls, DPO, MSSP partnerships, cyber-insurance, breach-response capability).

Open report →

Thailand Cybersecurity Market Intelligence

Thailand cybersecurity market grew to ~THB 18B in FY2024 driven by PDPA, Cybersecurity Act 2019 enforcement. Telecom-led enterprise services (AIS Secure Net, True Digital, NT), Thai specialists (G-Able, ACIS, Cyber Elite), MNC tech vendors (Palo Alto, Fortinet, CrowdStrike) with Thai channel partners.

Open report →

Thailand Cybersecurity, SOC, MDR Deep Dive

Deep-dive into Thai cybersecurity market ~THB 18-25B FY2024. Categories: managed security services (MSSP, SOC, MDR) ~32%, endpoint, network, email security ~26%, identity, access management, IAM, NDID ~14%, cloud security, CASB, CSPM ~12%, data security, DLP, encryption ~8%, GRC, compliance, audit ~8%. Operators: AIS Cyber, KBTG, SCB Tech, True Cyber, selective Thai SOC. Foreign vendor: Palo Alto, Fortinet, CrowdStrike, Cisco, Microsoft, Splunk, IBM, Trend Micro, Check Point. Thai PDPA, Cybersecurity Act, ETDA, NDID identity drive demand.

Open report →