Cyber resilience in Malaysia: Why compliance isn't enough
Across Malaysia, financial institutions, critical infrastructure providers, and businesses have made significant strides aligning with frameworks such as Bank Negara Malaysia's Risk Management in Technology (RMiT) guidelines, the Personal Data Protection Act (PDPA), and various sector-specific regulations.
Yet breaches continue to make headlines, affecting even the most 'compliant' organisations. Why?
The reality is compliance is only the starting line, not the finish line. In a rapidly evolving threat landscape, true cyber resilience demands much more.
Compliance alone can't keep pace with threats
While regulatory frameworks are a crucial foundation, they represent only the minimum baseline.
Threat actors are not bound by minimum standards, they are innovating faster than regulations can evolve. Sophisticated ransomware gangs, state-sponsored groups, and cybercriminal syndicates are constantly refining their tactics.
According to CyberSecurity Malaysia, local organisations faced over 19 million cyber threats in the first half of 2024, resulting in financial losses exceeding RM1.2 bil.
Regional findings from Sophos indicate that 83% of APJ organisations report increased operational complexity due to cybersecurity regulations, with 36% citing employee stress and burnout as a direct result.
Yet, 56% still recognise that these frameworks improve both cybersecurity and business resilience, highlighting the need to balance compliance with practical, scalable implementation.
Clearly, businesses must go beyond regulatory checklists and adopt proactive, intelligence-driven security measures.
At Sophos, our 2024 Threat Report highlights emerging tactics such as data extortion without encryption, AI-powered phishing campaigns, and the exploitation of zero-day vulnerabilities, all occurring faster than typical regulatory update cycles.
In Malaysia, sectors like education, healthcare, SMEs, and financial services are increasingly targeted by multi-extortion ransomware attacks.
For business leaders, compliance should be seen as a foundation, not a complete strategy. Cyber resilience demands real-time threat monitoring, AI-driven automation for faster incident response, and comprehensive recovery frameworks.
In today's environment, 'checking the box' is no longer enough; security must be responsive, intelligence-led, and fully embedded across operations.
The growing problem of framework fatigue
At the same time, organisations are grappling with an ever-expanding maze of cybersecurity frameworks; international, industry-specific, and national.
This burden is particularly acute for SMEs, which often lack the resources and expertise needed for robust cybersecurity implementation.
This complexity can lead to framework fatigue: confusion, burnout, and decision paralysis that prevent effective action.
While frameworks aim to provide clarity, without the right support, they risk overwhelming the very organisations they are meant to protect.
Malaysia's evolving regulatory environment holds promise for streamlining this complexity.
However, businesses must be equipped with practical guidance, scalable technologies, and actionable strategies to bridge the gap between compliance and true resilience.
From compliance to resilience: A strategic imperative
It's no longer enough to ask, 'Are we compliant?' Organisations must ask:
Are our cybersecurity strategies aligned with real-world threats?
Do we have the visibility, control, and speed necessary to detect and respond to incidents?
Cyber resilience must be a board-level priority, recognised as a critical enabler of trust, operational continuity, and competitive advantage.
Organisations that treat cybersecurity as a strategic business imperative today will be the ones that thrive in Malaysia's increasingly digital economy. ‒ July 31, 2025
Aaron Bugal is the Field CTO of Sophos.
The views expressed are solely of the author and do not necessarily reflect those of Focus Malaysia.
Main image: Tech Wire Asia
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
New Straits Times
15 hours ago
- New Straits Times
Westports Q2 profit up 14pct on higher container volumes, declares interim dividend
KUALA LUMPUR: Westports Holdings Bhd posted a 13.7 per cent rise in net profit to RM231.6 million for the second quarter ended June 30, 2025, compared to RM203.7 million in the same quarter last year, driven by higher operational revenue from increased container volumes. Revenue for the quarter grew 24.9 per cent to RM691.1 million from RM552.9 million previously, supported by higher container throughput and construction revenue from the port's ongoing development works. Westports recorded operational revenue of RM1.2 billion for the first half ended June 30, 2025, marking a 10 per cent increase compared to the corresponding period last year. In a filing with Bursa Malaysia, Westports said its board of directors has declared a first interim dividend of 9.93 sen per share for the financial year ending Dec 31, 2025, totaling RM338.6 million. On its prospects, the company said its latest projection anticipates a single-digit positive growth in volume for the year, adding that this forecast will be reassessed as the year unfolds. "The global economy continued to face headwinds such as tariff volatility, regionalisation consideration, military conflicts, sporadic port congestion and unsettled interest rates. "Some front-loading in the early part of the year has provided momentum to the current year's overall container volume growth," it said. Westports added that maintaining the current growth momentum in the second half of the year may prove difficult due to various challenges. However, it said the region's economic resilience and the alliance-adjusted model adopted by container shipping lines could help soften the impact on container volume growth.
The Sun
19 hours ago
- The Sun
Malaysia secures US tariff cut to 19% after strategic negotiations
KUALA LUMPUR: The United States has agreed to lower tariffs on Malaysian exports from 25% to 19%, marking a diplomatic win for Malaysia after months of negotiations. Investment, Trade and Industry Minister Tengku Datuk Seri Zafrul Abdul Aziz attributed the outcome to Malaysia's firm yet methodical approach in safeguarding national interests. Tengku Zafrul highlighted that Malaysia maintained its stance on critical policies while securing the reduced rate. 'The 19% tariff aligns with regional benchmarks and preserves Malaysia's sovereign right to implement socio-economic policies,' he said. The negotiations, which began on May 6, concluded on July 31, 2025. The minister noted that the agreement reflects six decades of strong Malaysia-US trade relations. 'This result was achieved through sustained bilateral engagement, demonstrating mutual economic benefits,' he added. To mitigate the tariff's impact, Malaysia will leverage its 18 free trade agreements and diversify export markets. 'MITI is coordinating with Bank Negara Malaysia and other agencies to assess GDP effects and support exporters,' Tengku Zafrul said. The government will also advance industrial reforms under the New Industrial Master Plan 2030 and National Semiconductor Strategy. Amid global economic uncertainties, Malaysia remains resilient. 'While external risks persist, domestic demand and policy reforms position us well,' he said. MITI will conduct outreach programmes to guide businesses on the revised tariff's implementation. - Bernama
The Sun
20 hours ago
- The Sun
Financial sector crucial for SME growth in strategic industries says BNM
KUALA LUMPUR: The financial sector must actively support small and medium enterprises (SMEs) in strategic growth areas to align with Malaysia's national transformation goals, said Bank Negara Malaysia (BNM) governor Datuk Seri Abdul Rasheed Ghaffour. Speaking at the CGC 30th Edition Award 2024, he emphasised the need for financial institutions to facilitate SME participation in high-potential industries such as semiconductors, aerospace, and renewable energy. 'These sectors are capital-intensive and technology-driven, often posing entry barriers for smaller businesses,' he noted. Abdul Rasheed outlined three key areas where financial institutions, including Credit Guarantee Corporation Malaysia (CGC), can contribute. First, unlocking SME opportunities in frontier industries through risk-sharing mechanisms and private capital mobilisation. 'Well-designed programmes with technical expertise can bridge information gaps, giving financial institutions confidence to support SMEs,' he said. Second, he stressed advancing data-driven SME development, citing CGC's shift towards analytical decision-making. 'We must broaden financing access not just for startups but also scalable firms,' he added. Third, he called for sustainable financing solutions, including green and Islamic finance, alongside deeper fintech and ecosystem partnerships. The governor's remarks align with Malaysia's policy frameworks like the New Industrial Master Plan and National Energy Transition Roadmap. 'The financial sector must evolve to support these reforms,' he concluded. - Bernama
