Thailand to develop cyber fraud insurance framework
Efforts to bolster Thailand’s cybersecurity are underway as the Office of the National Cyber Security Agency (NCSA) is working on developing a cyber fraud insurance framework. This initiative aims to aid organisations in mitigating the risk associated with cyber-attacks and data breaches, a growing concern in the digital age.
NCSA Secretary General Amorn Chomchoey explained that the framework could reinforce the cybersecurity landscape and enhance awareness of risks tied to the Cybersecurity Act and Personal Data Protection Act (PDPA).
Amorn further stated that cyber fraud insurance remains a rare offering in Thailand, lacking an established framework, rules, or guidelines despite the pressing need for personal data protection in the digital economy. Data breaches, where scammers exploit leaked customer data to inflict harm, occur sporadically, hence the need for protective measures.
Cyber fraud insurance, also known as cyber-risk insurance, provides protection against losses from cybercrime. It helps businesses and individuals manage risks from cyber threats like phishing, social engineering fraud, and data breaches. This service is common in many markets, aiding organisations in covering costs related to the theft of money, data, or digital assets, as well as damage to IT systems and networks.
The insurance extends to third-party coverage, addressing losses suffered by other enterprises with business ties to the victimised organisation. For personal risks, it covers losses from identity theft, online shopping fraud, or when personal data is published online without consent.
Incident management is another facet of this insurance, offering support for managing cyber incidents before and after they occur, along with covering notification costs following a security breach or data loss.
Needs to be convincing
Discussions are underway between the NCSA, the Office of the Insurance Commission (OIC), and related parties to develop a cyber fraud insurance scheme, Amorn revealed. The OIC must devise criteria to back the service, which includes clear guidelines, crucial in urging enterprises to adopt the insurance.
Previously, a major mobile operator purchased an insurance policy to cover potential damages to customers whose personal data was compromised, offering compensation of 10,000 baht per person. However, this compensation figure was independently determined without a centralised framework.
A 2024 report from the Thailand Computer Emergency Response Team revealed 1,827 cyber-attack cases last year, with 124 targeting the private sector. Prominent forms of cyber-attacks included fake websites or URLs, data theft, and distributed denial-of-service attacks. The most frequently targeted sectors were commerce, finance and banks, foreign commerce, retail, and IT and telecom.
Recently, an IT distributor faced a total administrative fine of 7 million baht from a Personal Data Protection Committee expert panel. Of this, 1 million baht was due to the absence of a personal data protection officer, despite the company’s large scale and focus on personal data processing.
Another 3 million baht was for inadequate security measures regarding access control and authorisation, and the remaining 3 million baht was due to the company’s failure to report a personal data breach within the required 72 hours as per the PDPA law, reported Bangkok Post.
Latest Thailand News
