Global experience, locally delivered.

If your business is attacked at 7am, who will be on a call with you within 30 minutes?

Most Thai businesses don't have a clear answer. We do. Grant Thornton Thailand's Cyber Defence Centre answers in 30 minutes, begins investigation within 4 hours, and is on-site in Thailand within 24 hours. Backed by 950+ global cyber specialists, delivered by a Thai team that knows your regulators, your industry, and your reality.

Cyber incident response is what happens after a breach: containing the attack, investigating what was taken, and getting your business back to normal safely. Grant Thornton Thailand's Cyber Defence Centre provides 24/7 incident response across ransomware, business email compromise, data breaches, and insider threats. We work as an extension of your IT and leadership teams, not as outside vendors who hand you a report and leave.

If you're in the middle of an incident right now, stop reading and call 02-205-8111. If you're here to prepare, keep going.

Experiencing a cyber attack?  

Response in 30 minutes. Investigation in 4 hours. On-site in 24 hours. 

Who we are

Grant Thornton Thailand has run cyber response for years. The Cyber Defence Centre adds something few firms can: a Thai team on the ground in Bangkok, working hand in hand with Grant Thornton UK's Cyber Defence Centre, one of the most respected IR practices in Europe.
80,000+
GT global expert network

Our workstreams

Every incident we run is structured around three workstreams that operate in parallel, so you move fast without losing the evidence you'll need later.

We determine how the attacker got in, how long they were there, and what they accessed. This evidence is what you'll hand to the PDPC, your insurer, your board, and your customers.

We stop ongoing malicious activity and make sure the threat is fully neutralised, not just paused. Restoring systems before containment is complete is how businesses get hit twice.

We help you safely rebuild and return to business. Backups get tested, hardening gets applied, and the original entry point gets closed. Without all three, recovery is temporary.

 

What we cover

Incident response is our lead capability in Thailand, backed by Grant Thornton UK's Cyber Defence Centre. We also extend into managed security and cyber advisory where clients need broader, ongoing support.

Fast, expert-led containment and recovery from cyber incidents. Minimise impact, restore operations, and strengthen defences for the future. 

  • Investigation services
  •  Containment services 
  • Recovery services 
  • Incident response retainer 
  • Cyber insurance and breach counsel engagement 

Continuous, real-time threat monitoring and response across all environments. Scalable, tailored protection so threats are identified and neutralised. 

  • Managed Detection and Response (MDR) 
  • Managed Security Operations Centre (SOC) 
  • Managed Security Services 
  • Threat intelligence and brand protection 

Build security into the foundation of your digital infrastructure. In-depth assessments, reviews, training, and targeted recommendations to identify vulnerabilities and strengthen controls from the ground up.

  • Governance and compliance 
  • Threat detection and response advisory 
  • Offensive security testing 
  • Security resilience 
  • Training and awareness 

Certifications and recognition

CREST accredited
SANS-trained responders
Aligned to NIST and ISO 27001 / 27002
Assured Service with the UK National Cyber Security Centre
    Get in touch

    Andrew McBean

    Partner, Advisory Services, Technology and Digital Services

    Contact Andrew McBean Learn more about Andrew McBean
    Contact Andrew McBean Learn more about Andrew McBean
    Partner, Advisory Services, Technology and Digital Services
    Andrew McBean
    +66 2 205 8190

    FAQ

    Grant Thornton Thailand's Cyber Defence Centre runs ransomware response for Thai businesses 24/7. Call 02-205-8111. We respond within 30 minutes, begin investigation within 4 hours, and are on-site within 24 hours.

    Five things: 1) Call your IR provider before doing anything technical, 2) Do not power off or wipe affected systems (you'll destroy evidence), 3) Pull legal, IT, and a senior executive into one room, 4) Stop external communications until you know what's true, 5) Document everything from the moment you noticed.

    30 minutes maximum to respond when you call. Investigation begins within 4 hours. On-site support in Thailand within 24 hours. These are commitments, not aspirations.

    Yes. We work directly with insurers and breach counsel as part of our standard response model. If you have a policy, share it with us on the first call so we can align with your panel and approvals.