As Malaysia accelerates its digital transformation journey, the cybersecurity landscape continues to evolve rapidly. This comprehensive report examines the current state of cybersecurity in Malaysia, emerging threats, regulatory developments, and what organizations need to prioritize in 2025.
Executive Summary
Malaysia's cybersecurity maturity has improved significantly over the past year, driven by increased regulatory enforcement, growing awareness of cyber risks, and high-profile incidents that have made cybersecurity a boardroom priority. However, significant challenges remain, particularly in the SME sector and critical infrastructure protection.
Key Findings
- • Ransomware attacks increased 67% year-over-year in Malaysia
- • 78% of Malaysian organizations experienced at least one cyber incident
- • Average cost of a data breach reached RM 4.2 million
- • Only 34% of Malaysian SMEs have dedicated cybersecurity personnel
- • Financial services remains the most targeted sector
Threat Landscape
Ransomware Epidemic
Ransomware continues to be the most significant threat facing Malaysian organizations. The manufacturing, healthcare, and education sectors have seen the largest increases in attacks. Threat actors are increasingly targeting Malaysian organizations specifically, with ransom demands often calibrated to Malaysian ringgit values.
Business Email Compromise
BEC attacks targeting Malaysian businesses have become more sophisticated. Attackers are conducting extensive reconnaissance, often monitoring email communications for weeks before striking. The average loss per successful BEC attack in Malaysia is RM 380,000.
Supply Chain Attacks
The interconnected nature of Malaysian businesses means supply chain attacks have cascading effects. Several incidents in 2024 demonstrated how a single compromised vendor can affect dozens of downstream organizations.
Regulatory Developments
Bank Negara RMiT Enforcement
Bank Negara Malaysia has increased enforcement of the Risk Management in Technology (RMiT) framework. Financial institutions that fail to demonstrate adequate cybersecurity controls are facing supervisory action. The regulator has made clear that cybersecurity is now a key component of prudential supervision.
PDPA Enforcement Ramp-up
The Personal Data Protection Department has increased enforcement activities, with several high-profile fines issued to organizations that failed to protect personal data. Organizations should expect continued scrutiny and should ensure their data protection practices are robust.
Industry Spotlight: Financial Services
The financial services sector remains the most targeted industry in Malaysia. Banks, insurance companies, and fintech firms face a constant barrage of attacks. Key challenges include:
- Securing digital banking platforms against increasingly sophisticated attacks
- Protecting customer data across multiple channels
- Managing third-party and vendor risks
- Maintaining compliance with RMiT while enabling innovation
- Building and retaining cybersecurity talent
Recommendations for 2025
1. Prioritize Ransomware Preparedness
Implement robust backup strategies, test recovery procedures, and develop incident response plans specifically for ransomware scenarios.
2. Invest in Security Awareness
Human error remains the leading cause of breaches. Regular training and simulated phishing exercises are essential.
3. Conduct Regular Penetration Testing
Annual penetration tests are no longer sufficient. Consider quarterly testing of critical systems and continuous vulnerability assessments.
4. Strengthen Supply Chain Security
Assess the security posture of key vendors and implement contractual security requirements.
5. Prepare for Regulatory Changes
Stay ahead of evolving compliance requirements by building flexible security programs that can adapt to new regulations.
6. Consider Managed Security Services
For organizations lacking internal expertise, partnering with a managed security provider can provide 24/7 protection.
Conclusion
Malaysia's cybersecurity landscape in 2025 presents both challenges and opportunities. Organizations that take a proactive approach to security—investing in people, processes, and technology—will be better positioned to protect themselves and thrive in an increasingly digital economy. Those that delay action risk becoming the next headline.
About This Report
This report is based on nCrypt's analysis of threat intelligence data, incident response engagements, and consultations with Malaysian organizations across multiple sectors. For a detailed briefing tailored to your industry, contact our team.