KUALA LUMPUR: The Securities Commission (SC) is preparing the market to address challenges stemming from technological advancements through initiatives such as the Capital Market Cyber Simulation (CMCS) and the Guidelines on Technology Risk Management (GTRM).
Chairman Datuk Seri Dr. Awang Adek Hussin highlighted the rapid evolution of technology both domestically and globally, leading to a growing reliance on external service providers, particularly in areas such as artificial intelligence and cloud computing.
However, these advancements come with inherent risks, from cybersecurity vulnerabilities to regulatory compliance concerns.
"I have been informed that many industry players still fall short in their cyber hygiene practices, even in terms of basic controls for critical systems.
"This is highly concerning because such basic hygiene is fundamental to an organisation's ability to defend itself, and our analysis suggests that inadequacies lead to cyber-attacks, ransomware, and even data loss.
"Many organisations also not keeping up with key security practices like penetration testing, vulnerability assessment, hardening practice, privileged access management, and regular review of user ID, to name a few.
"This is alarming, especially with cyber incidents such as ransomware and data breaches becoming more common," he said in his welcoming remarks at the CEO Engagement SCxSC: C-Suite forum on managing technology and cyber risks.
According to him, the use of third-party services, such as cloud services, is increasingly prevalent.
"We find that organisations can do better at managing risks related to third-party service providers by putting proper frameworks in place," he said.
The implementation of the GTRM is set for August 1, 2024, with the objective of aiding market participants in developing robust technology risk governance and oversight structures.
Additionally, companies are mandated to submit a declaration of compliance with the GTRM to the SC by the first quarter of 2025. Further information regarding this procedure will be communicated closer to the effective date of the guidelines.
"The Capital Market Cyber Simulation serves as a testament to the SC's proactive approach to preparing the industry for cyber incidents.
"By simulating real-world scenarios, organisations can test their response and recovery strategies, thereby strengthening their resilience against potential cyber threats," he added.