The cyberthreat days of 2024 are in the rear view, but they sure tell us what lies ahead this year. Take 2024.
The final number for last year isn't in yet, but estimates by cybersecurity types put the global cost of cybercrime at US$9.3 trillion, and if Cybercrime Magazine's portal is right, this year will see it hit US$10.5 trillion.
As long ago as 2021, the portal reckons, cybercrime became the world's third largest "economy" after the United States and China, a dark and deep web economy though it is.
It is an inaccessible subterranean world where terrifying transactions take place only to be executed in the surface digital space, with equally horrifying impact on the brick-and-mortar world.
Welcome to the horror of the computer-connected world, whose "natural" resource is data.
The new black gold, if you like. Many extol the opportunities for innovation in this zettabyte world. But one mustn't forget, where innovation is, there is malice, too.
What can nations do to curb such malice in this post-Westphalian cyberworld?
Make the digital space safe, secure and resilient.
Or as the cybersecurity types say, make the cyberresilience of everything and anything that has an electronic pulse more muscular.
Malaysia is not quite there, according to a study conducted in 2023 by the Tech for Good Institute, a think tank.
Unsurprisingly, Singapore is the only Southeast Asian country that is nestled in the cyberresilient quadrant.
The good news is, Malaysia is second only to Singapore in the region.
Not an unimpressive performance given the heft of the island state's economy.
Malaysia's Cybersecurity Act 2024, which came into force recently, and other strategies by Cybersecurity Malaysia, the national cybersecurity agency under the Digital Ministry, may just help place the country in the cyberresilient country quadrant soon.
Lawyers are not exactly waxing lyrical about the law, but do welcome its timely introduction into what has thus far been a patchy cybersecurity universe of legislation.
The reason for the diluted enthusiasm is the law's denial of any right of private action by victims of cybersecurity breaches.
Victims must never be left without redress.
This is a big downside of the Cybersecurity Act 2024, though not the only one.
We may have more to say of this in the future.
Be that as it may, legislation alone wouldn't make the country's digital space safe, secure and resilient.
More is needed, especially given the extensive use of sophisticated artificial intelligence (AI) by cybercriminals.
To be realistic, no country can be one hundred per cent prepared. Cyberthreats are getting more and more hostile in the country.
According to Cybersecurity Malaysia, 5,664 cyberthreat incidents were reported last year.
Unsurprisingly, 3,817 of these involved incidents related to fraud. Malware was somewhere there.
A World Economic Forum survey says innovation in AI will favour cyberattackers more than defenders in a 56-to-44 per cent score.
Vigilance in the whole chain of cyberthreats — before, during and after — is the key, say experts.
If "before" is cybersecurity, then "during" and "after" are cyberresilience.
If 2024 was the year of cybersecurity, 2025 must be the year of cyberresilience.