Abstract
Cyberattacks have become a routine feature of contemporary security environments, yet policy responses often treat cyber threats as undifferentiated, encouraging generic remedies while obscuring the distinct capabilities needed to address different forms of attack. This article develops an empirical exploratory typology of cyber threats affecting Thailand. Drawing on incident-level data, it uses multiple correspondence analysis and hierarchical clustering to classify attacks by actor type, motive, target industry, event type, event subtype, and attributed actor country. The findings reveal three distinct threat profiles: financial cybercrime, characterised by criminal actors and financial motives; hacktivist disruption, defined by protest motives, disruptive operations, and attacks on public administration; and nation-state political espionage, associated with state-linked actors, China-attributed activity, and exploitation of end hosts. The article argues that distinguishing among these threat profiles provides a more useful basis for threat prioritisation, capability development, and resource allocation than treating cyber insecurity as a single risk category.
IPC Classification
Keywords
€ 4.00