The National Tech Association of Malaysia (PIKOM) has commended Digital Minister Gobind Singh Deo (centre) for the ‘swift’ implementation of the National Cybersecurity Act which is set to further safeguard the country’s national infrastructure.
The Act, which was enacted on 26 August 2024, introduces stringent measures to protect critical infrastructure and enhances regulatory oversight, providing much-needed security in a digital age increasingly plagued by cyber threats.
PIKOM’s cybersecurity chapter chairperson and association secretary Alex Loh (left) said that the act is expected to elevate Malaysia’s overall cybersecurity posture.
“The National Cybersecurity Act is a significant step in ensuring that Malaysia’s critical infrastructure and digital environment are safeguarded from emerging threats,” said Loh.
“It also sends a strong message to industries on the importance of proactive cybersecurity measures,” added Loh, who is also Nera (Malaysia) Sdn Bhd’s senior vice president of global sales and solutions.
He went on to highlight PIKOM’s involvement in consultations during the drafting stages of the bill, commending Minister Gobind Singh Deo for his efforts in ensuring industry voices were heard before the act was formally implemented.
Loh was speaking at a cybersecurity event recently which was organised by LGMS Berhad and which was hosted by LGMS chairman Fong Choong Fook (right).
It received overwhelming response from businesses keen to understand the implications of the new legislation.
Under the act, company directors are held personally liable for non-compliance and could face fines of up to RM500,000 and potential imprisonment.
“This level of accountability has naturally raised concerns among industry leaders about the readiness of various sectors to adapt to the requirements set out in the Act,” said Loh.
The act designates eleven sectors as National Critical Information Infrastructure (NCII), including banking, finance, government, national security, water, sewage, waste management, agriculture, plantation, trade, industry, economy and healthcare services, as well as transportation, information, communication and digital, energy, and science, technology and innovation.
“The protection of these sectors is central to the Act, with NCII operators mandated to conduct cybersecurity risk assessments annually and cybersecurity audits every two years,” said Loh.
Furthermore, any cybersecurity incident must be reported within six hours, with a comprehensive report submitted within fourteen days,” he added.
The act also introduces four subsidiary regulations covering risk assessment and audit, incident response, compoundable offenses and the licensing of service providers.
Meanwhile, LGMS’ Fong said that these regulations aim to streamline cybersecurity practices, ensuring a uniform approach across NCII sectors while allowing specific compliance measures to be tailored to each sector’s needs.
Fong added that the Act would significantly enhance national cybersecurity by stimulating the growth and maturity of various sectors.
He also advised companies to embrace cybersecurity as a fundamental part of their operations and recommended conducting regular cybersecurity assessments, including penetration testing, to proactively identify and mitigate vulnerabilities.
“The act not only requires businesses to meet specific standards but also encourages them to elevate their cybersecurity practices as part of a broader effort to secure the nation’s digital ecosystem,” he said.
“While challenges remain regarding the act’s implementation and enforcement, it represents a crucial step towards a more resilient digital infrastructure, ensuring that Malaysia is well-prepared to face the evolving cybersecurity landscape,” added Fong.





