The Cyber Security Act 2024 marks a pivotal shift in Malaysia’s approach to managing cybersecurity risks and enhancing the nation’s overall cyber resilience. This will especially affect sectors under the National Critical Information Infrastructure (NCII), which covers 11 sectors including government, banking and finance, transportation, information, communication and digital, healthcare services, and more.
With the laws now in effect, we can expect to see this new regulation impact businesses and cybersecurity practices through:
Mandatory Risk Assessments and Audits: The new regulations require NCII entities to conduct annual cybersecurity risk assessments and biannual audits. This mandate will compel businesses operating in critical sectors to rigorously evaluate and fortify their cybersecurity posture. Regular assessments and audits not only help identify and mitigate vulnerabilities but also ensure compliance with evolving standards.
Swift Incident Reporting: NCII entities are required to promptly report cybersecurity incidents through the National Cyber Coordination and Command Centre System (NC4 System). This regulation necessitates a well-prepared incident response strategy, enabling quicker reporting and response to breaches. Similarly, businesses will need to establish or enhance their incident management protocols to comply with these timely reporting requirements, reducing potential damage from cyber incidents.
Licensing of Cybersecurity Service Providers: The Act introduces the Cyber Security (Licensing of Cyber Security Service Providers) Regulations 2024, which mandate licensing for providers of managed security services and penetration testing. This aims to elevate the quality and reliability of cybersecurity services in Malaysia.
For businesses, this means working with licensed providers to ensure that they receive high-quality, reliable cybersecurity support. It also underscores the importance of selecting service providers who adhere to recognised standards.