Insight

Reference

·

Supporting source

Identity and access management platform adoption

~38% of large enterprises (2024)

As ofFY2024·Sources4·Supporting

Approximately 38% of Thai large enterprises (>1,000 employees or covered-entity status under the Cybersecurity Act) had deployed an enterprise identity and access management (IAM) or identity-platform-as-a-service (IDaaS) solution by end-2024 per IDC and local-channel disclosures from Okta, Microsoft Entra ID, Ping Identity, and CyberArk partners. Multi-factor authentication coverage on privileged accounts is higher (60-65%) but full passwordless and zero-trust identity architectures remain early-stage. Banking sector adoption is materially higher (60%+) on Bank of Thailand IT-risk expectations; government and SMB tails lag. The 2025 BoT IT-resilience guidance push is expected to compress the SET-listed bank gap further.

Download CSV ↓Compare plans →

Figure in context

Approximately 38% of Thai large enterprises (>1,000 employees or covered-entity status under the Cybersecurity Act) had deployed an enterprise identity and access management (IAM) or identity-platform-as-a-service (IDaaS) solution by end-2024 per IDC and local-channel disclosures from Okta, Microsoft Entra ID, Ping Identity, and CyberArk partners. Multi-factor authentication coverage on privileged accounts is higher (60-65%) but full passwordless and zero-trust identity architectures remain early-stage. Banking sector adoption is materially higher (60%+) on Bank of Thailand IT-risk expectations; government and SMB tails lag. The 2025 BoT IT-resilience guidance push is expected to compress the SET-listed bank gap further.

Approximately 38% of Thai large enterprises (>1,000 employees or covered-entity status under the Cybersecurity Act) had deployed an enterprise identity and access management (IAM) or identity-platform-as-a-service (IDaaS) solution by end-2024 per IDC and local-channel disclosures from Okta, Microsoft Entra ID, Ping Identity, and CyberArk partners. Multi-factor authentication coverage on privileged accounts is higher (60-65%) but full passwordless and zero-trust identity architectures remain early-stage. Banking sector adoption is materially higher (60%+) on Bank of Thailand IT-risk expectations; government and SMB tails lag. The 2025 BoT IT-resilience guidance push is expected to compress the SET-listed bank gap further.

Time scope

FY2024

Source basis

Supporting source

Interpretation notes

What this tells you

Approximately 38% of Thai large enterprises (>1,000 employees or covered-entity status under the Cybersecurity Act) had deployed an enterprise identity and access management (IAM) or identity-platform-as-a-service (IDaaS) solution by end-2024 per IDC and local-channel disclosures from Okta, Microsoft Entra ID, Ping Identity, and CyberArk partners. Multi-factor authentication coverage on privileged accounts is higher (60-65%) but full passwordless and zero-trust identity architectures remain early-stage. Banking sector adoption is materially higher (60%+) on Bank of Thailand IT-risk expectations; government and SMB tails lag. The 2025 BoT IT-resilience guidance push is expected to compress the SET-listed bank gap further.

What not to do with it

Use the linked report for interpretation and keep basis differences explicit.

Related figures

Adjacent numbers that add context without drowning the value.

2020-2025 (IDC and Gartner end-user spending)
~USD 770-820M (2025e)

Thailand cybersecurity end-user spending (2020-2025)

IDC Thailand Security Spending Guide, Gartner Asia-Pacific Information Security tracker, National Cyber Security Agency

FY2024
Banking ~32%, Govt ~22%, Telecom ~16%

Thailand cybersecurity spend by sector (2024)

IDC Thailand Security Spending Guide, NCSA sector outlook, Bank of Thailand IT-risk supervision data

2020-2024 (PDPC published decisions)
~30+ formal actions (2024)

PDPA enforcement actions by PDPC (2020-2024)

Office of the Personal Data Protection Committee, Baker McKenzie Thailand PDPA tracker, Tilleke and Gibbins data-protection bulletin

2024-2025 (publicly disclosed)
~20+ disclosed incidents

Publicly disclosed major Thai breaches (2024-2025)

ThaiCERT advisories, NCSA, Bangkok Post Tech, Group-IB Asia threat intelligence reports

FY2024
~12-14% (2024)

AI and ML-driven security tooling spend share

IDC Thailand Security Spending Guide, Gartner AI-augmented security tracker, NCSA and Bank of Thailand technology supervision

2023-2025 cumulative
~USD 18-25M cumulative (2023-2025)

Post-quantum cryptography readiness investment

NCSA, NIST Post-Quantum Cryptography standardisation, Bank of Thailand IT-resilience guidance, IBM and Thales Thailand channel

Report context

Thailand Cybersecurity & Information Security Market Intelligence

Thai information-security end-user spend reached approximately THB 18.4B in 2025 (Gartner), up roughly 12% YoY, driven by PDPA 2019 enforcement, the Cybersecurity Act 2019 critical-information-infrastructure regime under NCSA, BoT cyber-resilience and AI-risk rules, and a 240% jump in nation-state campaigns. Listed Thai system integrators G-Able and MFEC anchor the local SI, MSSP and 24x7 SOC layer; AIS Cyber Hawk, NT and True bundle telco-grade security; global vendors Palo Alto Networks, Fortinet, Trend Micro and CrowdStrike ship platforms through Thai channel partners. Report maps spend, operator concentration, regulatory roadmap (CII designation, BoT Notification 4/2568, SEC disclosure expectations) and post-quantum readiness through 2031.

Open report →

Atlas actors in this figure's reports

Profiles covered in the report that cite this number.

AIS Cyber Hawk

AIS-affiliated managed-security offering for enterprise SOC and cyber services.

G-Able Public Company Limited

Listed Thai IT services group with enterprise cybersecurity and MSSP exposure.

Identity and access management platform adoption · Insight