Enhancing and safeguarding Malaysia’s cybersecurity landscape
In safeguarding Malaysia’s cybersecurity infrastructure, the Cyber Security Bill 2024 was approved by the Malaysian Parliament on 27 March 2024. The Bill aims to improve and protect the cybersecurity environment in Malaysia, and introduces requirements for the designated entities within the National Critical Information Infrastructure (NCII) sectors to comply with, in the Code of Practice, specific standards, measures, and processes, when handling cybersecurity incidents.
Significantly, the Bill introduces a regulatory framework for the eleven NCII sectors. Moreover, NCII sector leads are empowered to designate any entity which owns or operates any NCII as a designated NCII entity, and prepare Codes of Practice.
In addition to the governance and Code of Practice aspects, the Bill’s scope extends to:
- Compliance and reporting;
- Licensing of cybersecurity service providers; and
- Enforcement and penalties.
Designated NCII entities are subject to a number of obligations including:
- Providing information to the relevant NCII sector lead when requested.
- Complying with any relevant codes of practice issued by NCII sector leads.
- Conducting cybersecurity risk assessments and audits.
- Notifying the relevant NCII sector lead and the Chief Executive when they become aware of a cybersecurity incident.