KUALA LUMPUR: The National Cybersecurity Act 2024, which came into force last month, is set to strengthen Malaysia's defences against rising cyber threats, particularly as data breaches hit new record highs.
IBM Malaysia managing director and technology leader Dickson Woo commended the government's commitment to cybersecurity, calling the legislation a "timely and significant step" in the face of growing digital vulnerabilities.
"The act strengthens Malaysia's cybersecurity stance by clearly outlining responsibilities for managing risks and reporting incidents, particularly for organisations overseeing critical information infrastructures," Woo said in a statement.
Citing the IBM 2024 Cost of a Data Breach Report, Woo said cyber threats posed by data breaches across the Asean region were increasingly growing.
"In 2024, the average cost of a breach reached US$3.23 million, a 6.0 per cent rise from the previous year. Critical infrastructure sectors were hit hardest, with financial services incurring the highest breach costs at US$5.57 million," he added.
Woo said Asean's digitisation efforts are progressing rapidly, but the shortage of cybersecurity professionals is a challenge.
This, combined with the complexity of managing dispersed digital environments, leaves organisations vulnerable to cybercriminals.
"That's why the implementation of the National Cybersecurity Act is so crucial. It provides the legal framework and necessary guidelines to help organisations safeguard their systems, mitigate risks, and respond swiftly to cyber threats," added Woo.
The study noted that 56 per cent of organisations in the region have begun using AI and automation technologies to enhance their security operations.
These organisations saw significant benefits, with AI-driven solutions reducing the average lifecycle of a breach by 99 days and saving US$1.42 million in breach costs.
"AI provides new tools for defenders to identify and respond to threats quickly," Woo said. "But it also expands the attack surface, introducing new risks. Security can no longer be an afterthought – organisations must invest in AI-driven defences to stay ahead."
Phishing emerged as the most common attack vector in Asean, accounting for 16 per cent of breaches, with costs averaging US$3.39 million per incident.
Stolen credentials and business email compromise followed closely behind.
Woo is of the view that, while AI holds the potential to address the skills gap, it can also be leveraged by bad actors to launch large-scale attacks.
"In a landscape where breaches are inevitable, investing in the right defence strategies is crucial. AI-driven technologies will be key to safeguarding businesses and maintaining customer trust," he said.