Why Should You Care About The Cyber Security Bill 2024

Share this Article

Unbeknownst to many, Malaysia faces more than 84 million cyber attacks every day. Therefore, it is unsurprising that the Malaysian Cyber Security Bill 2024 was passed recently.

The bill passed both houses of parliament with broad support and at a quick pace. It is expected to pass into law, with major provisions taking effect in a matter of weeks. It is similar to legislation passed in other countries, such as Singapore, Japan, and the United States.

Malaysia’s Cyber Security Bill follows the core fundamentals of similar cyber security legislation—improving the cyber security governing framework, capabilities, and posture. However, Malaysia takes a step further by defining the country's critical sectors, such as healthcare, agriculture, and energy.

Who does it impact?

Malaysia’s Cyber Security Bill 2024 affects any organisation, local or foreign, that owns or operates digital infrastructure that falls under the following categories, which are known as National Critical Information Infrastructure (NCII):

  • government;
  • banking and finance;
  • transportation;
  • defence and national security;
  • information, communication and digital;
  • healthcare;
  • water sewerage and waste management;
  • energy;
  • agriculture and plantation;
  • trade, industry and economy; and
    science, technology and innovation.

Leaders such as board directors and management team members responsible for technology have obligations under this bill. Technology and digital teams, compliance teams, and risk management teams are also impacted. There will also be indirect impacts on human resources practitioners such as recruitment and learning and development professionals.

In addition to NCII owners or operators, providers of cyber security services are also impacted as they will now be subject to licensing under the law.

How does it impact you?

NCII entities face numerous obligations under the bill, as well as any regulations that may be developed and promulgated by the National Cyber Security Agency (NACSA). These may include:

  • Compliance with codes of practice developed by sector leads;
  • Reporting requirements in the event of breaches;
  • Obligations to conduct periodic cyber risk exercises and assessments; and
  • Duties to run independent cyber audits.

How should you prepare?

While 85% of Malaysian companies feel confident in their ability to defend against cyberattacks, in reality, only 2% are ready to do so. Most Malaysian organisations impacted by this bill will likely have to take steps to (1) improve their cyber security posture and (2) ensure that they are ready to manage the compliance obligations under the bill.

A necessary prerequisite for this is ensuring that organisations have cyber security capabilities, including:

Malaysian businesses are concerned about the impact of cyber security regulations - nearly half of the organisations surveyed are concerned about mandatory reporting of cyber risk management and operational resilience requirements. However, organisations can alleviate these concerns by developing robust internal cyber security capabilities that will ensure organisations have processes, structures, and people to manage cyber security concerns and regulatory compliance.



View Related Courses

EC OG CTIA 1200X630

Certified Threat Intelligence Analyst

Arthur Yeow

Published on Apr 30, 2024

Share this Article

Related Articles. Here’s what we’ve been up to recently.

Why Should You Care About The Cyber Security Bill 2024

Explore the implications of Malaysia's newly passed Cyber Security Bill 2024, including its impact on critical infrastructure sectors and recent examples of cyberattacks.

Arthur Yeow

Apr 30, 2024

Breaking Barriers in Code: Shing's Tech Triumphs Over Dual Impairments

Discover how Shing's determination and resilience transformed challenges into opportunities, highlighting the crucial role of accessible education in the tech industry.


Dec 04, 2023

Scam Notice: Fraudulent Schemes mentioning Excelerate and K-Youth

This is an important notice on fraudulent communications that have been made to the members of the public which are purported to be made on behalf of Excelerate Sdn Bhd.

Aug 17, 2023