A cybersecurity study reveals 30% of assessed Malaysian public-listed companies have a high likelihood of being hacked, highlighting a critical need for stronger cyber defences.
KUALA LUMPUR: A new cybersecurity study has found that about 30% of assessed Malaysian public-listed companies (PLCs) have a cyber risk posture associated with a high likelihood of being hacked if specifically targeted.
The finding underscores an urgent need for these companies to strengthen their cyber defences.
The study was conducted by Malaysian cybersecurity consulting firm LGMS Bhd. It was based on a non-intrusive, outside-in assessment of 186 listed companies selected by top revenue sizes within their respective industry sectors.
LGMS used publicly available commercial and open source internet data to evaluate each company’s visible cyber posture from a hacker’s perspective. From the sample of 186, 54 companies received an ‘F’ rating, which indicates the highest risk.
The score summary showed only 26 companies received an ‘A’ rating and 46 a ‘B’ rating. A further 33 were rated ‘C’, 27 ‘D’, and 54 ‘F’.
In total, 114 of the 186 listed companies assessed fell below the top two rating bands. This points to broad room for improvement in terms of external cyber resilience.
Companies rated ‘A’ were described as having relatively limited visible exposure. ‘F’-rated entities were described as having a very large attack surface and a high likelihood of suffering successful unauthorised access if targeted.
“F-rated entities are 13.8 times more likely to be breached compared with A-rated entities,” LGMS said. The comparable multiples were 2.9 times for B-rated entities, 5.4 times for C-rated entities, and 9.2 times for D-rated entities.
LGMS noted that many visible findings in the lower-rated group appeared to stem from websites and servers. This indicates internet-facing systems remain a significant point of weakness for many organisations.
“Some cases may show signs of suspicious activity, although the outside-in methodology provides only high-level visibility rather than full internal forensics,” it said. The findings suggest a sizeable portion of Malaysia’s listed companies may still have a visible attack surface that could be exploited.
“Hence, the responsible course is to identify those weaknesses early, reduce unnecessary exposure and strengthen safeguards before hackers take advantage of them,” it added.
LGMS said it welcomes inquiries from public-listed companies interested in understanding their external cyber risk posture. It would share relevant findings to help them identify potential areas for improvement.









