KUALA LUMPUR: The Cyber Security Act 2024 (Act 854), which came into force on Monday, marks a crucial advancement in strengthening Malaysia’s cyber security framework.
LGMS Bhd chairman Fong Choong Fook said Act 854 establishes important regulatory bodies and clearly defines the duties for managing risks and reporting incidents among organisations that are responsible for critical information infrastructures.
“This initiative demonstrates the government’s strong commitment to advancing cyber security in our digital economy. It is a timely and proactive move, showing that the government is taking the right steps to enforce these crucial measures now,” Fong told SunBiz.
The objective of Act 854 is to boost national cyber security by creating the National Cyber Security Committee and defining the roles and powers of the chief executive of the National Cyber Security Agency (Nacsa).
The Act also assigns responsibilities to National Critical Information Infrastructure (NCII) sector leaders, sets guidelines for handling cyber threats and incidents, and establishes regulations for licensing cyber security service providers.
Several regulations were established under Act 854, which took effect on Monday.
First, the Cyber Security Regulations (Risk Assessment Period) require entities managing NCII to conduct a cyber security risk assessment annually and audits every two years.
Second, the Cyber Security Regulations (Incident Notification), require authorised individuals to report cyber security incidents electronically and submit initial details within six hours of awareness, followed by additional information within 14 days.
Third, the Cyber Security Regulations (Licensing of Cyber Security Service Providers) apply to individuals and companies providing cyber security services such as managed security operation centre monitoring and penetration testing.
Finally, the Cyber Security Regulations (Compoundable Offenses) specify offences that can be compounded as per certain subsections.
Fong said the Act and the accompanying regulations will make organisations and companies within the Critical National Information Infrastructure more vigilant about managing their security.
“By being more careful and proactive in managing their cyber security, we anticipate a reduction in data breaches, as companies are now legally required to prioritise cyber security. When it comes to online scammers, this is a separate issue that still requires extensive education,” he said, adding that the government plans to introduce a new bill on data privacy, which is a positive step.
By protecting personal data, Fong said, they can effectively reduce the number of scam cases.