KUALA LUMPUR: Malaysia is entering a new phase of cyber risk as artificial intelligence (AI) accelerates both the scale and sophistication of attacks, widening an already critical cybersecurity talent gap and pushing organisations into what industry leaders warn will soon resemble an “AI-versus-AI battleground”.
At Fortinet’s year-end media briefing today, country manager Kevin Wong said, cybercrime has evolved into a highly coordinated, always-on ecosystem that no longer operates in isolated pockets but mirrors an industrialised economy.
“This shows that cybercrime is no longer a set of isolated incidents. It’s a highly organised, industrialised system that keeps operating whether we’re online or not,” he said.
“Cyber risk today is not a single crisis. Threats are always on, always looking for the smallest gap to exploit.”
Wong said Malaysia’s digital landscape has become increasingly complex, with organisations struggling to secure fragmented systems, hybrid infrastructures and rapid shifts across cloud, OT environments and remote access. AI is compounding the issue, enabling attackers to strike “faster, smarter and far more customised than ever before”.
“The risk landscape is no longer defined by one big event. It’s a continuous set of pressures, constant, complicated and increasingly AI-driven,” he added.
“This is why the industry needs to shift from reactive defence to integrated, intelligence-led defence that simplifies complexity and automates response.”
Wong emphasised that when attacks take place in seconds, organisations cannot afford responses that take minutes. The future, he said, lies in automated containment, automated correlation and automated validation, capabilities that are becoming essential rather than optional.
“Intelligent security ensures we always stay alert, where every inspection and every decision is backed by real-time threat intelligence and AI,” he said.
Fortinet’s strategy is anchored on three pillars: secure networking, unified SASE and AI-driven security operations. Wong said these areas reflect where customers “need the most support today”, especially as hybrid work expands and SOC teams face fatigue amid rising volumes of automated attacks.
He noted that AI has been embedded into Fortinet’s work for over 15 years, powering more than 20 security solutions and driving capabilities such as FortiAI Protect, Assist and Secure. The company also holds more than 500 AI-related patents.
“AI is now deeply integrated across our security fabric,” Wong said. “It allows teams to interpret information faster, automate tasks that used to take hours and respond at the same speed and precision as the threats they face.”
Fortinet’s senior vice-president for Asia, Rashish Pandey, said 2026 could mark the emergence of fully agentic cyberattacks, autonomous, multi-step intrusions executed with minimal human input.
“We have not seen full agentic cybercrimes happen yet, but we forecast that in 2026 we will see the first wave,” he said, adding that defenders will need AI just to stay at the same speed, if not ahead.”
Rashish stressed that while attackers are moving toward full autonomy, defence will still require “humans in the loop” at critical decision points, even as high-volume work becomes heavily automated.
He warned that Malaysian companies cannot rely on legacy, piecemeal systems. Some organisations use up to 20 to 30 different cybersecurity tools, making coordinated detection and response nearly impossible. Consolidation, automation and AI-powered orchestration will become key priorities for 2026.
On the types of attacks gaining ground in Malaysia, he said ransomware and malware remain the fastest-growing threats. Two worrying trends are emerging: rising attacks on critical infrastructure such as utilities, healthcare and financial services, and a rapid increase in scams targeting the elderly and less tech-savvy communities.
SMEs, he said, are particularly vulnerable due to limited cybersecurity teams and deeper integration into global supply chains.
Looking ahead to 2026, Rashish said, Malaysia must adopt a “nationally coordinated response” involving government, vendors, academia and industry players.
“Cybersecurity is a team sport,” he said. “An attack in Malaysia can originate from any part of the world. The ability for national agencies to coordinate globally, share intelligence and learn from each other will be critical.”
