The country’s critical information infrastructure agencies and regulatory agencies improved their cybersecurity scores this year, while government agencies recorded lower scores.
For critical information infrastructure agencies, their average score increased to 89% in 2025, up from 83% last year, while regulatory agencies posted a score of 91%, rising from 85% in 2024, according to Thailand’s cyberthreat risk assessment conducted by the National Cyber Security Agency (NCSA).
The average for government agencies dropped to 59%, from 65%.
This year 298 agencies, representing most state departments, participated in the self-assessment programme, of which 191 agencies submitted assessment results.
AVM Jadet Khuhakonkit, assistant to the NCSA secretary-general, said the agency is accelerating the elevation of cybersecurity threat protection standards to ensure Thailand is a stable and trustworthy nation.
AVM Jadet attributed the decline for government agencies to the increase in participation among agencies from various sectors this year.
This dip means there are significant cybersecurity gaps that need to be addressed, he said, especially in the areas of risk and vulnerability management, and cyberthreat response plan development and testing.
Other areas requiring attention include business continuity and crisis communications plan development, oversight of outsourced service providers, information asset registry development, threats detected, and risk trends.
NCSA and Mahidol University also identified the top three threats in Thailand: exploitation of internal vulnerabilities, unauthorised access to systems or data, and disruption or denial of service.
Threats are increasing from ransomware, supply chain attacks, cloud misconfiguration and phishing, demonstrating the need for Thai agencies to urgently address vulnerabilities and strengthen preventative and proactive measures, said AVM Jadet.
He said one approach to strengthen cybersecurity would be to invest in the existing National Threat Intelligence Platform, a national cyberthreat intelligence centre.
The platform started operations last year and collects, analyses, and shares data from all sectors with related agencies, in accordance with international standards.
“The platform enables critical infrastructure organisations and government agencies to respond to threats quickly and accurately,” said AVM Jadet.
The platform is operated by the Thailand Computer Emergency Response Team under NCSA’s umbrella.