The top three sectors for cybersecurity readiness are finance and banking; information technology and telecommunications; and transport and logistics, according to the National Cyber Security Agency's (NCSA) assessment.
A recent NCSA report examined cybersecurity readiness among organisations linked with critical information infrastructure (CII), regulators and government agencies.
Assessed in the report are seven sectors: national security; essential public services; finance and banking; information technology and telecommunications; transport and logistics; energy and public utilities; and public health.
"There has been an increase in cyberthreats across the globe, including in Thailand, which is pushing for digital adoption of work in the public and private sectors, as well as CII-based organisations," said AVM Amorn Chomchoey, secretary-general of NCSA.
The report surveyed 62 CII organisations, including 19 regulators and 53 organisations in the seven sectors.
The report shows the average score for cybersecurity readiness is 3.35 out of 5, comprising scores of 3.15 for the recovery function, 3.2 for the respond function, 3.29 for the detect function, 3.4 for the identify function and 3.7 for the protect function.
The three sectors with the lowest average scores are national security, essential public services and public health.
The group also distributed questionnaires to 297 government agencies to assess their cybersecurity readiness, with 162 agencies responding in full.
The average score from the questionnaire is 2.93 for these government agencies, consisting of scores of 2.72 for the respond function, 2.82 for the recovery function, 2.88 for the identify function, 2.9 for the detect function, and 3.36 for the protect function.
The survey found 85 government agencies received a score of more than 3 on the cybersecurity risk readiness assessment, while 77 gained a score of less than 3.
AVM Amorn said the government agencies that received a score of less than 3 must step up efforts for improvement.
To enhance efforts to minimise cybersecurity risks, NCSA devised a cybersecurity policy and operation plan spanning 2022 to 2027, which was published in the Royal Gazette on Dec 9, he said.
This regulation, said AVM Amorn, will serve as a framework for the country's cybersecurity.
The regulation focuses on collaboration between organisations for preparedness for cyber-incidents, including response and recovery.
The policy also prioritises building secure digital infrastructure and improving the capacity of agencies at the national level to cope with cyberthreats, he said.
Global cybersecurity firm Palo Alto Networks said hackers are sharpening their focus on critical digital infrastructure in countries.
There have been many cases of ransomware attacks on public health and digital platforms, leading to personal data leaks, said Tatchapol Poshyanonda, country director of Palo Alto Networks Thailand.
Organisations need to have solutions that protect their systems when employees work remotely, he said.
Between March 1 and June 27 this year, Thailand registered 44,144 cases of cyber-attacks linked to remote work, causing damage worth 3 billion baht, said Mr Tatchapol.