24/7 incident response

When your business is attacked at 7am, who do you call within 30 minutes?

Most Thai businesses don't have a clear answer. We do. Grant Thornton Thailand's Cyber Defence Centre answers in 30 minutes, begins investigation within 4 hours, and is on-site in Thailand within 24 hours. Backed by 950+ global cyber specialists, delivered by a Thai team that knows your regulators, your industry, and your reality.

Cyber incident response is what happens after a breach: containing the attack, investigating what was taken, and getting your business back to normal safely. Grant Thornton Thailand's Cyber Defence Centre provides 24/7 incident response across ransomware, business email compromise, data breaches, and insider threats. We work as an extension of your IT and leadership teams, not as outside vendors who hand you a report and leave.

If you're in the middle of an incident right now, stop reading and call 02-205-8111. If you're here to prepare, keep going.

Who we are

Grant Thornton Thailand has run cyber response in this market for years. The Cyber Defence Centre adds something few firms can: a Thai team on the ground in Bangkok, working hand in hand with Grant Thornton UK's Cyber Defence Centre, one of the most respected IR practices in Europe.
80,000+
GT global expert network

Our workstreams

Every incident we run is structured around three workstreams that operate in parallel, so you move fast without losing the evidence you'll need later.

We determine how the attacker got in, how long they were there, and what they accessed. This evidence is what you'll hand to the PDPC, your insurer, your board, and your customers.

We stop ongoing malicious activity and make sure the threat is fully neutralised, not just paused. Restoring systems before containment is complete is how businesses get hit twice.

We help you safely rebuild and return to business. Backups get tested, hardening gets applied, and the original entry point gets closed. Without all three, recovery is temporary.

 

Certifications and recognition

CREST accredited
SANS-trained responders
Aligned to NIST and ISO 27001 / 27002
Assured Service with the UK National Cyber Security Centre
    Get in touch

    Andrew McBean

    Partner, Advisory Services, Technology and Digital Services

    Contact Andrew McBean Learn more about Andrew McBean
    Contact Andrew McBean Learn more about Andrew McBean
    Partner, Advisory Services, Technology and Digital Services
    Andrew McBean
    +66 2 205 8190

    FAQ

    Grant Thornton Thailand's Cyber Defence Centre runs ransomware response for Thai businesses 24/7. Call 02-205-8111. We respond within 30 minutes, begin investigation within 4 hours, and are on-site within 24 hours.

    Five things: 1) Call your IR provider before doing anything technical, 2) Do not power off or wipe affected systems (you'll destroy evidence), 3) Pull legal, IT, and a senior executive into one room, 4) Stop external communications until you know what's true, 5) Document everything from the moment you noticed.

    30 minutes maximum to respond when you call. Investigation begins within 4 hours. On-site support in Thailand within 24 hours. These are commitments, not aspirations.

    Yes. We work directly with insurers and breach counsel as part of our standard response model. If you have a policy, share it with us on the first call so we can align with your panel and approvals.