Organizations in Thailand to Get a Complete Cyber Fraud Insurance Framework: NCSA

• Thailand looks forward to creating a one-of-a-kind cyber fraud insurance scheme to create awareness and increase transparency. 
• At present, no proper channel or scheme addresses cyber fraud insurance in Thailand.
• The cyber risk insurance scheme is to be built in coordination with other agencies, including the Insurance Commission (OIC).

The secretary general of Thailand’s National Cyber Security Agency (NCSA), AVM Amorn Chomchoey, has taken a step forward to strengthen the nation’s cyber insurance sector further. Chomchoey announced that the NCSA would present a framework to help address issues related to cyber fraud insurance. 

The National Cyber Security Agency of Thailand undertakes the crucial task of implementing and monitoring cybersecurity policies for the government sector and critical information infrastructure. 

Cyber risk insurance or cyber fraud insurance will help improve transparency among businesses so they have clarity about guidelines, policies, and penalties for failing to adhere to protocol after security incidents.

The framework is also aimed at creating awareness related to the Cybersecurity Act. These are the critical areas that will be covered in the cyber fraud insurance:

1. Addressing monetary loss arising from security breaches.
2. Third-party coverage for vendors impacted by an incident.
3. Personal risk from loss of personal data, which may lead to identity theft, online shopping fraud, or having one’s information posted on the dark web.
4. Covering the cost and assisting the management of the affected firm in alerting victims whose data or assets have been breached.

Chomchoey expressed concern over not having a clearer framework or a set of steps, rules, or policies for cyber fraud insurance in Thailand yet despite the heightened impact of personal data loss. 

Adding to the woes, an IT distributor was forced to cough up a sum of 7 million Thai Baht as an administrative fine by the Personal Data Protection Committee (PDPA). After carefully reviewing the cybersecurity incident, it was found that the company did not have a personal data protection officer or adequate security measures in place to combat cyber attacks. 

All this was despite the company being well-equipped to employ adequate resources for safeguarding personal data, which was the center of the core business activities. In another incident, a mobile operator who had taken insurance was paid 10,000 baht per person. 

This amount was paid as compensation by the insurance firm for the personal data leak of the company’s clients. However, in this case, the amount was mutually agreed upon by the parties involved without following a central framework. 

Thailand Computer Emergency Response team registered over 1,800 cyber attack cases in the year 2024, of which over 100 attacks were targeted towards the private sector of Thailand. 

Chomchoey, who was nominated to be the secretary general of the NCSA in 2022, has maintained a stern stance on enhancing national security. 

The importance of adopting post-quantum cryptography was discussed by the NCSA in December 2023 to urge companies to address threats arising from quantum computers. This could also curb the threat of decrypting email conversations related to financial transactions and e-commerce. 

In 2024, Microsoft published a report about an initiative between the NCSA and Microsoft Thailand related to increased security through cutting-edge AI technology. 

Addressing the growing importance of security technology, Mike Yeh, Corporate Vice President and Deputy General Counsel of Microsoft Asia said, “I’ve had a number of conversations with national cybersecurity agencies across Asia – which make clear that we must be more intentional about leveraging hyperscale cloud and its AI-powered cybersecurity to strengthen cyber defenses – both to tackle the massive increase in cyber attacks and a persistent and growing cybersecurity talent shortage.”