HQ/EMEAFind out how we can help your business
On June 26, 2024, the Attorney General’s Chambers officially gazetted the Cyber Security Act 2024, marking a significant turning point in Malaysia’s cybersecurity path. Act 854, a historic piece of legislation, has the potential to completely transform the country’s cyber defences and increase resilience in the face of increasingly complex cyber threats.
The National Cyber Security Committee, which will be in charge of the country’s cybersecurity strategy, is one of the Act’s main aspects. The Act specifies the obligations of National Critical Information Infrastructure (NCII) sector leads and entities as well as the functions and authority of the Chief Executive of the National Cyber Security Agency (NACSA). With a focus on vital infrastructure, these regulations seek to expedite the handling of cybersecurity incidents and threats.
Act 854 has been formally gazetted; however, it is not yet in effect.
NACSA is currently working with a number of stakeholders to complete the rules required for the Act’s execution. This partnership emphasises how crucial it is to have a coordinated strategy for protecting Malaysia’s digital environment.
The Act designates some entities as NCII entities, and it is their responsibility to keep an up-to-date registry of their infrastructures. These organisations are vital to national security because any interference with their systems may affect public safety, government operations, or critical services. The Act intends to safeguard the most important parts of the country’s digital ecosystem by requiring these companies to give priority to their cybersecurity efforts.
One important part of Act 854 is the requirement to use certain cybersecurity procedures. NCII entities are subject to a comprehensive code of practice, violations of which include heavy fines or jail time. The Malaysian government’s genuine commitment to upholding high cybersecurity standards is shown in this onerous regulation.
For NCII businesses, the Act also requires periodic cybersecurity risk assessments and audits. The NACSA CEO must receive these evaluations, which certified auditors carry out. By consistently identifying and addressing vulnerabilities, this proactive strategy aims to create an atmosphere where cybersecurity safeguards are constantly improved.
Act 854’s provision for the timely reporting of cybersecurity events is another essential component. Within a certain amount of time, NCII companies are required to report any occurrences or potential risks to the sector heads and the Chief Executive of NACSA. This measure guarantees prompt and efficient event management, reducing damage and facilitating a coordinated response.
The Act requires licensure for all cybersecurity service providers in an effort to strengthen cybersecurity even more. These suppliers guarantee the calibre and dependability of services offered to NCII organisations by fulfilling particular requirements and abiding by license terms.
Act 854 offers opportunities as well as challenges for cybersecurity executives in Malaysia and throughout Southeast Asia. The strict guidelines and enforcement procedures of the Act emphasise how vital cybersecurity is. Managing these legislative shifts requires leaders to strengthen their firms’ cybersecurity posture and maintain compliance.
Sunway Group’s Chief Information Security Officer, Eddie Hau, sees the Act as a wake-up call for other businesses and NCII entities. He stresses that in order to guarantee compliance and cybersecurity hygiene, ongoing verification, validation, and improvement are crucial.
Act 854 is a revolutionary piece of legislation that encourages all leaders in cybersecurity to fortify their defences, guarantee adherence, and help create a more secure digital future. Organisations in the region will need to be able to manage and reduce cyber risks in order to be resilient and successful as the digital world develops.
