Why Should You Care About The Cyber Security Bill 2024

Arthur Yeow

Published on Apr 30, 2024

Share this Article

Unbeknownst to many, Malaysia faces more than 84 million cyber attacks every day. Therefore, it is unsurprising that the Malaysian Cyber Security Bill 2024 was passed recently.

The bill passed both houses of parliament with broad support and at a quick pace. It is expected to pass into law, with major provisions taking effect in a matter of weeks. It is similar to legislation passed in other countries, such as Singapore, Japan, and the United States.

Malaysia’s Cyber Security Bill follows the core fundamentals of similar cyber security legislation—improving the cyber security governing framework, capabilities, and posture. However, Malaysia takes a step further by defining the country's critical sectors, such as healthcare, agriculture, and energy.

Who does it impact?

Malaysia’s Cyber Security Bill 2024 affects any organisation, local or foreign, that owns or operates digital infrastructure that falls under the following categories, which are known as National Critical Information Infrastructure (NCII):

government;
banking and finance;
transportation;
defence and national security;
information, communication and digital;
healthcare;
water sewerage and waste management;
energy;
agriculture and plantation;
trade, industry and economy; and
science, technology and innovation.

Leaders such as board directors and management team members responsible for technology have obligations under this bill. Technology and digital teams, compliance teams, and risk management teams are also impacted. There will also be indirect impacts on human resources practitioners such as recruitment and learning and development professionals.

In addition to NCII owners or operators, providers of cyber security services are also impacted as they will now be subject to licensing under the law.

How does it impact you?

NCII entities face numerous obligations under the bill, as well as any regulations that may be developed and promulgated by the National Cyber Security Agency (NACSA). These may include:

Compliance with codes of practice developed by sector leads;
Reporting requirements in the event of breaches;
Obligations to conduct periodic cyber risk exercises and assessments; and
Duties to run independent cyber audits.

Download Infographic

How should you prepare?

While 85% of Malaysian companies feel confident in their ability to defend against cyberattacks, in reality, only 2% are ready to do so. Most Malaysian organisations impacted by this bill will likely have to take steps to (1) improve their cyber security posture and (2) ensure that they are ready to manage the compliance obligations under the bill.

A necessary prerequisite for this is ensuring that organisations have cyber security capabilities, including:

Threat intelligence analysis to brace against future threats;
Incident handling and digital forensics;
Network defence and penetration testing; and
Cyber security awareness among employees to harden targets.

Malaysian businesses are concerned about the impact of cyber security regulations - nearly half of the organisations surveyed are concerned about mandatory reporting of cyber risk management and operational resilience requirements. However, organisations can alleviate these concerns by developing robust internal cyber security capabilities that will ensure organisations have processes, structures, and people to manage cyber security concerns and regulatory compliance.

View Related Courses

This Article Is Tagged Under

cybersecurity cybersecurity bill eccouncil

Arthur Yeow

Published on Apr 30, 2024

Share this Article

Why Should You Care About The Cyber Security Bill 2024

Certified Ethical Hacker

Certified Network Defender

Certified Threat Intelligence Analyst

Related Articles. Here’s what we’ve been up to recently.

Why Should You Care About The Cyber Security Bill 2024

Breaking Barriers in Code: Shing's Tech Triumphs Over Dual Impairments

Scam Notice: Fraudulent Schemes mentioning Excelerate and K-Youth