While Malaysia is actively investing in cybersecurity measures, it still faces significant challenges, as evidenced by recently recorded cyberattacks. In 2022, over 28 thousand cyberattacks were documented, though there was a slight decrease from around 33 thousand attacks in 2021. Despite efforts to bolster cybersecurity defenses, the frequency of cyberattacks in Malaysia has been steadily increasing over the past four years.
In response, the Malaysian Parliament recently tabled the Cyber Security Bill 2024, marking a pivotal step in fortifying the nation's cyber defenses. The bill aims to establish a robust regulatory framework to protect Malaysia's cyber landscape, particularly its critical information infrastructure, against evolving cyber threats.
The bill extends its jurisdiction beyond Malaysia's borders, applying to individuals of any nationality or citizenship, as well as to both federal and state governments. Under its provisions, the National Cyber Security Committee (NCSC) will be formed, chaired by the Prime Minister, and tasked with advising the government on cyber security matters and overseeing the bill's implementation. The establishment of the NCSC serves as a pivotal move towards centralizing efforts and ensuring cohesive coordination among sector leads and industry stakeholders.
Granting authority to the Chief Executive of the National Cyber Security Agency, the bill authorizes the establishment of a National Cyber Coordination and Command Centre to manage cyber threats effectively. The Chief Executive is further permitted to issue directives ensuring compliance with the bill's provisions.
Protection of National Critical Information Infrastructure (NCII)
The bill focuses on safeguarding entities that own or operate national critical information infrastructure (NCII). Defined broadly as systems essential to Malaysia's security, economy, public health, and safety, the NCII encompasses sectors such as government, banking, transportation, healthcare, and energy.
Sector leads appointed by the Minister, which are responsible for cyber security, will oversee each NCII sector, designating entities as NCII entities and developing sector-specific codes of practice to ensure cyber resilience.
NCII entities are obligated to implement measures outlined in the sector-specific codes of practice to enhance cyber security. This includes conducting risk assessments and submitting audit reports to the Chief Executive. Moreover, the prompt reporting of cyber incidents is mandatory, which, in turn, triggers investigations and remedial actions, which are implemented by the authorities.
The bill mandates licensing for individuals or entities offering cybersecurity services, underscoring the importance of professional standards in the industry. The specific scope of these services will be determined by the Minister, ensuring alignment with evolving cyber threats and technological advancements.
Regulated entities, particularly those overseen by Bank Negara Malaysia, Securities Commission Malaysia, and the Labuan Financial Services Authority, have already implemented robust cyber security policies. These entities adhere to regulatory guidelines, ensuring the existence of incident reporting mechanisms, business continuity plans, and emergency communications protocols.
Malaysia’s 2024 Cyber Threats Landscape
Kaspersky, a global cybersecurity company, predicts that there will be an increase in cyber-threats in Malaysia throughout 2024, particularly targeting organizations handling personal data within the financial and telecommunications sectors.
According to Kaspersky's data from 2023, their detection systems intercepted 26.85 million ‘internet-borne’ attacks in Malaysia, averaging 74,000 attacks daily. Additionally, their systems identified and blocked 22 million local infection threats (equivalent to around 60,000 attacks per day).
Malaysia's cybersecurity landscape is evolving rapidly, with cyber solutions poised to dominate the market with a projected volume of USD 284.10 million in 2024. This sector is expected to witness robust growth, with revenue forecasted to increase at an annual rate of 13.71% (CAGR 2024-2028), reaching a market volume of USD 844.70 million by 2028.
Moreover, the average spend per employee in cybersecurity is projected to reach USD 29.79 in 2024. Thus, the need for robust investment in cyber security is mandatory to ensure that Malaysia’s cyber landscape is protected and can flourish.
Malaysia's Digital Transformation Efforts
In line with Malaysia's digital transformation agenda, cyber security has been identified as a key enabler under the Program Mangkin Malaysia Digital (PEMANGKIN). The Malaysia Digital Economy Corporation (MDEC) has allocated significant funding to support cyber security initiatives, underscoring the importance of this sector in Malaysia's digital evolution.
As the need for cyber security increases, service providers offering penetration testing, independent cyber audits, and cloud security services are poised to play a pivotal role in transforming Malaysia's digital landscape. Through initiatives like the Malaysia Digital Status, these providers can access incentives such as tax benefits and foreign worker quotas, fostering growth and innovation in the cyber security sector.
The passing of the Cyber Security Bill represents a commendable and timely step in Malaysia's journey towards digital resilience. The Cyber Security Bill 2024 underscores Malaysia's commitment to building a secure digital infrastructure ecosystem. By bolstering its cyber security framework, Malaysia aims to instill greater confidence among international partners and investors, positioning itself as a leading digital hub in ASEAN.