Digital technology has advanced and become increasingly utilized through telecommunications systems. However, cyber threats have also intensified and taken more complex forms, posing risks to the security and integrity of systems and data and causing concern for customers. Therefore, AIS focuses on safeguarding cybersecurity by investing in security technology, improving processes, and building capacity, as well as by strictly adhering to relevant security and legal measures to mitigate risks and impacts on business operations and customer service. At the same time, AIS can create additional value by providing enhanced cybersecurity services to individual and corporate customers.
Management Approach
AIS formulates its Cybersecurity and Personal Data Protection Policy for implementation across all company departments and associated third parties. This is to ensure that customers can trust that AIS operates transparently in protecting information systems and safeguarding customer personal data effectively. AIS has also established a governance structure to oversee cybersecurity and personal data protection, appointing dedicated supervisory committees and business units. These entities are responsible for defining regular monitoring and control procedures.
Cybersecurity
AIS is one of the organizations identified as Critical Information Infrastructure (CII). It has established practices for managing testing and monitoring to maintain cybersecurity. This includes continuously developing and updating policies and practices to align with international standards and relevant regulations.
AIS has established the 24/7 Cybersecurity Operation Center (CSOC) to ensure the Company’s capability to promptly address a cybersecurity incident. The CSOC is tasked with monitoring and responding to potential cyberthreats through several measures, including real-time notifications of cyberthreats, remote device locking, and the user entity behavior analysis (UEBA) system, which enhance its capability to detect and assess cyberthreats.
Privacy Protection
AIS develops the data privacy protection policy and guidelines applicable to the entire Company and all its affiliates to ensure that its business operations align with the legal framework and relevant regulations.
Data Breach Response Procedure
AIS has received various certifications, demonstrating its commitment to attain and uphold the highest personal data protection standards as follows:
Performance Table
| Topic | Units | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|
| Personal data protection | | | | | |
| Number of personal data breach and data loss complaints | | | | | |
| Complaints from general persons or agencies | Number of cases | 7 | 7 | 4 | 3 |
| Complaints from regulatory agencies | Number of cases | 20 | 11 | 4 | 7 |
| Data leakage, theft, or loss | Number of cases | 0 | 2 | 1 | 0 |
| Requests for customers’ personal data from public agencies with the power and duty [1] | Number of cases | 25,442 | 19,454 | 19,255 | 19,854 |
| % of the total number of requests | % | 70 | 92 | 92 | 93 |
| Network | | | | | |
| Average network interruption frequency | Interruption per customer per year | 0.18 | 0.07 | 0.09 | 0.07 |
| Average network interruption duration [2] | Minutes | 54 | 38 | 37 | 72 |

Remark:

[1] AIS provides customers’ personal data to the public agencies granted the authority by law, namely the Court of Justice, the Royal Thai Police Headquarters, and the Anti-Money Laundering Office.

[2] In 2024, the average network interruption duration increased due to the impact of flooding.


Related Document
Information concerning “Cybersecurity and Customer Privacy Protection” can be found in the 2024 Sustainability Report.