You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

Search
Close this search box.
June 13, 2025

Compliance-Driven Cybersecurity: Cyberattack Prevention, Response, and Recovery

Subscribe to Updates

In today’s digital age, cyberattacks have become a real threat to organizations worldwide. These attacks can range from phishing and malware to ransomware and distributed denial of service (DDoS) attacks. As the frequency and sophistication of these attacks increase, so does the importance of cybersecurity compliance.

In the corporate world, compliance refers to the process of ensuring that a company and its employees adhere to all relevant laws, regulations, standards, and ethical practices—but it should not stop there. Compliance should also encompass asset recovery and disciplinary measures, which can both help organizations address incidents effectively and promote good governance.

Cyberattacks are malicious attempts to access or damage a computer system or network, often carried out for financial gain, for political activism, or simply to cause disruption. For instance, a successful attack might involve an attacker creating an email address that closely resembles a legitimate one, perhaps by changing only one or two characters. That email address is then inserted into an existing conversation thread, making it appear as if the user with this email address was already part of the discussion. This tactic can easily deceive a recipient into believing the email was sent from a trusted source, thereby leading them to click on malicious links, provide sensitive information, or even make payments in accordance with the attacker’s request or instructions. Phishing attacks like these are particularly dangerous and can have a serious impact on the ongoing business of a corporation because they exploit the trust and familiarity established in the original email chain.

Effective Mitigation Approaches

Mechanisms for addressing the aftermath of a crisis provide important recourse to affected organizations, but effective compliance mechanisms can minimize the risk of such crises ever occurring. Companies should therefore prioritize preventative measures and implementation of effective crisis management schemes.

Various legal and regulatory frameworks govern cybersecurity and data compliance in Thailand. For example, the Cybersecurity Act B.E. 2562 (2019) categorizes cyber threats into three levels: noncritical, critical, and crisis, each requiring specific measures. The Personal Data Protection Committee under the Data Protection Act B.E. 2562 (2019) provides guidelines on handling personal data breaches and emphasizes assessing and mitigating risks to individuals.

With respect to minimizing the risks posed by cyberattacks, compliance is essential for several reasons. First, it helps organizations avoid legal penalties and fines associated with noncompliance. Second, it enhances an organization’s reputation by demonstrating a commitment to protecting sensitive information and assets. Third, compliance helps mitigate the risk of cyberattacks, thereby protecting an organization’s financial standing and operational efficiency.

Providing adequate training on these issues gives companies the opportunity to demonstrate to their employees that they support them by providing them with the knowledge to protect themselves with cyber-safety awareness. This approach benefits both the employees and the company and is also an easily overlooked tool for building morale. For instance, during one cybersecurity training session, participants learned about various types of scams and social engineering strategies used by cybercriminals. The training emphasized the importance of being cautious and mindful of cybersecurity to protect both organizational and personal information. Additionally, fake email addresses can lead to financial payments being made to the wrong entity’s account, necessitating actions from corporations to maintain good governance and compliance. Providing employees with the necessary knowledge to identify attacks and take appropriate initial steps could be a crucial measure for an organization to prevent potential damage such as this.

Financial staff and risk management teams are typically the first responders to an attack, halting payments or deliveries and establishing preliminary measures to prevent future occurrences. However, actions taken after an incident are equally important. These include reporting to authorities and attempting asset recovery to mitigate financial losses. Regardless of the likelihood of recovery, such actions promote good governance and are essential for continuous smooth operations of the organization.

Periodic reviews of past activities, along with disciplinary actions for the employees involved, are integral to compliance mechanisms that account for the dynamics of a business. Regular reviews should monitor the company’s cyber health and employee awareness to ensure improvements and sustained vigilance, and when employees have made payments to culprits, the company’s actions speak louder than words. Balancing the maintenance of morale with good governance can be challenging, but human resources knowledge and morale complement each other. A thorough understanding of corporate consciousness and the law enables comprehensive measures tailored to a corporation’s needs.

Having a clear cybersecurity policy and protocols, along with proper training, ensures that employees understand the consequences of failing to follow those protocols. Employees can be held accountable and disciplined based on the facts of the case and company rules, especially if evidence confirms gross negligence or misconduct.

Outlook

The intersection of cyberattacks and comprehensive compliance is critical for any organization operating in today’s digital landscape. By understanding the nature of cyberattacks and adhering to cybersecurity compliance standards, organizations can better protect themselves from potential threats and ensure the security of their information.

Organizations should also remember they are not alone, and they can readily enlist the services of specialists. At Tilleke & Gibbins, we not only provide asset recovery and litigation services but also offer specialized training on compliance, providing comprehensive advice on employment law. Our expert team is dedicated to ensuring organizations are well equipped to navigate the complexities of cybersecurity regulations and employment law.

Related Professionals

Industries

Technology

Practices

Dispute Resolution and Litigation

Location

RELATED INSIGHTS​

May 28, 2025
Tilleke & Gibbins attorneys in Vietnam have contributed the 2025 edition of Doing Business in Vietnam, a comprehensive Q&A-style resource from Thomson Reuters Practical Law that provides essential insights for companies navigating business operations in Vietnam. The guide presents a detailed overview of the country’s legal framework and regulatory environment, reflecting recent updates in Vietnamese legislation and practice. This annually updated guide offers key information on the following areas: Legal system: Structure of the Vietnamese judiciary and the role of codified law. Foreign investment: Conditions for market access, licensing requirements, foreign ownership restrictions, and investment incentives. Business vehicles: Formation and operation of legal entities, including limited liability companies, joint-stock companies, and representative offices. Employment: Employment contracts, social insurance, labor rights, and procedures for hiring foreign nationals. Tax: Overview of corporate income tax, personal income tax, value-added tax, and other tax obligations. Intellectual property: Procedures for protecting and enforcing patents, trademarks, copyrights, and other IP rights. Data protection: Compliance requirements under Vietnam’s data privacy laws, including the Personal Data Protection Decree. Competition law: Antitrust rules and regulatory oversight under the Law on Competition. Anti-bribery and corruption: Legal framework and enforcement practices aimed at curbing corrupt activities. E-commerce and digital business: Regulations governing online platforms, digital content, and cross-border services. Marketing and advertising: Laws and guidelines on advertising standards and consumer protection. Product regulation and liability: Safety requirements, product liability issues, and roles of relevant authorities. Doing Business in Vietnam is part of Practical Law’s global series of legal guides designed to support international practitioners and businesses. To access the most recent edition of the Vietnam guide, visit the Practical Law website and sign up for a free trial.
Read More
May 28, 2025
Thailand’s Food and Drug Administration (FDA) has launched a strategic collaboration with leading e-commerce platforms Lazada and Shopee to strengthen regulatory oversight of health-related products sold online. This partnership is part of a broader initiative to enhance consumer protection, enforce compliance with Thai health regulations, and foster a safer digital marketplace for health products. As part of this initiative, the Thai FDA is urging all sellers—particularly cross-border vendors—to secure proper FDA registration for their products before market entry. The objective is to ensure that only legally authorized, safe, and quality-assured healthcare products are available to Thai consumers. In pursuit of this goal, the FDA has been working closely with Lazada and Shopee to implement proactive surveillance mechanisms aimed at identifying and removing noncompliant, substandard, or unregistered products. This collaboration has already yielded measurable results. Between September 2023 and 2024, Lazada supported regulatory enforcement by removing 9,454 noncompliant listings and delisting 30 vendors. In addition, 134 sellers were subjected to legal proceedings for regulatory violations. Shopee has taken a similarly rigorous stance, committing to the immediate removal of products found to be in breach of FDA regulations. The platform has also provided educational materials for merchants and implemented consumer complaint mechanisms to enhance accountability. Looking ahead, the Thai FDA plans to roll out a data integration system utilizing API technology, enabling seamless and secure exchange of regulatory data between the agency and e-commerce platforms. This system will be supported by comprehensive training for both Thai FDA officials and e-commerce staff, with a particular focus on the use of the Thai government’s Law Enforcement Request Portal, a secure communication channel for coordinating enforcement actions between government agencies and platform operators. Additionally, a joint product inspection framework is currently under development in partnership with Lazada and Shopee. This framework will incorporate strict
Read More
May 26, 2025
On May 21, 2025, the Trade Competition Commission of Thailand (TCCT) published a press release signaling heightened regulation of digital platforms in response to the influx of products from foreign countries being sold in Thailand via e-commerce platforms. In recent years, the rapid expansion of cross-border multi-sided e-commerce platforms has unlocked unprecedented growth, but it has also flooded Thailand’s digital marketplaces with low-cost imports sold by unregulated foreign vendors via these platforms, unfairly undercutting local merchants’ market share and exposing consumers to uneven product quality. According to the press release, the TCCT announced progress on drafting new guidelines on unfair trade practices, monopolistic conduct, and competition restraint by multi-sided e-commerce platforms at a recent meeting of the Management Committee for Addressing Issues of Foreign Goods and Businesses Violating Laws. This regulatory push is part of a broader governmental effort to tackle issues stemming from the foregoing that create uneven playing fields and undermine consumer welfare. The draft guidelines are designed to regulate platform operators and their complex and multidimensional trade relations that cause network effects and distort competition. The forthcoming guidelines, to be issued under the Trade Competition Act B.E. 2560 (2017), will undergo public consultation to ensure platform operators, the public, and other stakeholders will have an opportunity to provide input before they are finalized and enforced. The guidelines are seen as an important priority, with the minister of commerce urging swift implementation of the measures to achieve the government’s objectives. In addition to the legislative advancement, one of the TCCT commissioners has been appointed to advise a subcommittee on preventing nominee arrangements by foreign investors and a subcommittee dedicated to promoting Thai SMEs and eliminating poor-quality imports. The appointee will also support the nationwide task force against illegal foreign products in overseeing proactive field operations and comprehensive
Read More
May 22, 2025
While digital technologies have significantly enhanced communication and information sharing, they have also created new opportunities for misuse, particularly for children, who are especially vulnerable to online abuse and exploitation. These risks are often difficult for parents and guardians to detect or prevent in a timely manner. To address these concerns, Thailand has drafted an amendment to the Criminal Code to introduce new provisions targeting offenses against children committed via online platforms. The objective is to close existing legal gaps and to provide more robust protections for children in the digital environment. The draft amendment focuses primarily on addressing online offenses against children and enhancing legal protections for children. The draft amendment proposed changes regarding the following issues: Jurisdiction and media misuse Expanding Thailand’s jurisdiction to cover sexual and liberty-related offenses committed against children outside the country. Adding offenses for misuse of media, including recording, publishing, or transmitting text, images, or sounds for unlawful or exploitative purposes. Offenses involving child exploitation Adding penalties for persuading, luring, or enticing children to engage in sexual or indecent conduct. Imposing harsher penalties for aggravated cases relating to child exploitation that result in serious harm or death. Adding penalties for sending or forwarding inappropriate sexual content to children with exploitative intent. Adding penalties for using threats involving sexual conduct to pressure or coerce victims. Removing ignorance of a child’s age as a possible defense for certain offenses (e.g., luring children or sending inappropriate content) when the child is under 13 years old. Special protections for vulnerable individuals Imposing harsher penalties for offenses committed against parents, persons under legal guardianship or parental authority, or individuals unable to protect themselves. Adding penalties to offenses such as luring children, sending inappropriate content, and cases involving serious harm or death. Child pornography Increasing liability for possession and
Read More

Contact

We have seven offices in six countries
across Southeast Asia.

Contact Us

Careers

We are always seeking great people to grow
our amazing team.

Join Us

Networks

© 2024 Tilleke & Gibbins International Ltd. All rights reserved.

© 2020 Tilleke & Gibbins International Ltd. All rights reserved.

Privacy Policy

| Fraudulent Communications

| Legal Notice