Monumental legislation was passed in Malaysia on June 26th in the form of The Cyber Security Act of 2024. This crucial law is an important step in strengthening Malaysia’s efforts to become more digitally secure.
For one, the Act will establish the National Cyber Security Committee. It also outlines the responsibilities and duties of the Chief Executive of the National Cyber Security Agency (NACSA), as well as specific roles for the nation’s critical information infrastructure sector leads and entities.
Another important part of the Act is that it created a new mandate. Now, only specifically qualified and licensed entities will be authorized to perform cybersecurity services. This step will help ensure that only cybersecurity specialists with the right knowledge and credentials can make an impact on the nation’s cybersecurity.
Under the new terms of the law, all entities that are currently classified as National Critical Information Infrastructure (NCII) will be subject to stringent new audit regulations and risk assessments. These entities will be required to perform a cybersecurity risk assessment at least once every year, in which they will need to evaluate their potential vulnerabilities. Every two years, these entities will need to submit to a broader audit that analyzes the entity’s cybersecurity. This audit process may occur more frequently as ordered by the Chief Executive of the National Cyber Security Agency.
The law establishes the following industries as NCII sectors: the government, healthcare, energy, agriculture, trade, industry, economy, science, technology, innovation, banking and finances, information, communication, digital, defense, national security, transportation, water, waste management, and sewage treatment.
If a cybersecurity incident does occur, NCII entities must immediately inform the Chief Executive of NACSA and their sector leads. This notification should be made electronically as soon as the security incident is identified. A report should be filed within six hours, and a detailed report should be submitted within 14 days.
Failing to adhere to these new cybersecurity laws will result in significant penalties. The Act outlines the ability to levy fines of up to $43,549 for those caught violating the terms, and it could also result in imprisonment for up to three years for the perpetrator. When violations are more severe, the Act allows imprisonment of up to ten years and fines of up to 500,000 ringgit.
Are You Complying With Cyber Security Regulations?
Is your business currently complying with the cybersecurity regulations in your area? If you’re not sure, then it might be a good time to consult with a cybersecurity specialist in your area. The right expert will be able to help you identify the laws in your area as well as the key vulnerabilities that your business is likely to have based on your industry.
If you choose to work with us here at CyberSec Bahrain, our team will execute a comprehensive vulnerability assessment and help you determine the best possible course of action to secure your company to the fullest. We’ll make sure that you’re adhering to all the laws in your area.
Schedule a call with our team now to get started.