Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily

View

Malaysia Cybersecurity Act 2024

Last Updated on December 18, 2024

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

The Malaysia Cybersecurity Act 2024 (Act), effective August 26, 2024, represents a landmark legislation designed to ensure the secure utilization of digital technology and tools while strengthening the country's security posture against evolving cybersecurity risks.

The Act establishes a National Cyber Security Committee. It appoints the Chief Executive of the National Cyber Security Agency (NACSA) to oversee the implementation of cybersecurity policies, coordinate national efforts against cybersecurity threats, and ensure compliance. It also designates certain computers or computer systems as National Critical Information Infrastructure (NCII) and requires organizations to report incidents, conduct audits, and implement cybersecurity measures.

The Act applies extraterritorially and introduces licensing for cybersecurity service providers to protect Malaysia's digital infrastructure. It also provides detailed noncompliance penalties and enforcement mechanisms to align with international standards while responding to the specific challenges faced by Malaysian individuals, businesses, and government entities. Thus, this legislation underscores Malaysia’s commitment to strengthening cyber resilience and fostering a secure digital ecosystem.


The Solution

Securiti enables organizations to comply with the Malaysia Cybersecurity Act 2024 through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises in their journey toward compliance with the Malaysia Cybersecurity Act 2024 through automation, enhanced data visibility, and identity linking.

Malaysia Cybersecurity Act 2024

Automate Assessments and Internal Audits

Section: 22
Cyber Security Act Regulations (Period for Cyber Security Risk Assessment and Audit) Section: 2,3

Use our collaborative, multi-regulation readiness assessment system to measure your organization's posture against the Act’s requirements, identify gaps, and address compliance risks. Additionally, conduct internal audits to assess security posture.

Automate Assessments and Internal Audits
Automate Incident Management

Automate Incident Management

Section: 23, 35

Automate the incident response process by instnalty obtaining incident details, identifying the scope, and optimizing notifications to users and regulatory bodies to comply with global privacy regulations.

Automate Data Breach Response Notifications

Section: 23, 35
Cyber Security (Notification of Cyber Security Incident) Regulations 2024 Section: 2, 3

Track and manage potential incidents and data breaches with automated notification guidance based on global regulatory requirements. Issue prompt notifications to avoid noncompliance.

Automate Data Breach Response Notifications
Implement Data Classification and Maintain Records

Implement Data Classification and Maintain Records

Section: 32

Classify and label data to ensure appropriate security controls are enabled on your organization’s most sensitive data. Collect and maintain an inventory of data assets and data processing activities in a sensitive data catalog to generate Records of Processing Activities (RoPA).

Implement Security Controls & Policies

Section: 6

With complete visibility into your security posture across cloud data systems, you can gain granular insights into your data. Our policy engine allows you to apply security controls and sensitivity labels and use predefined or custom rules to automate data governance and protection.

Implement Security Controls & Policies

Key Facts about the Malaysia Cybersecurity Act

1

The Act was formally gazetted on June 26, 2024, and enacted on 26 August 2024.

2

The Act refers to National Critical Information Infrastructure (NCII) which are computer or computer systems whose disruption could harm Malaysia's national functions, government operations, public safety, or public order.

3

​​The Act aims to enhance Malaysia's cybersecurity by regulating National Critical Information Infrastructure, managing cybersecurity threats and incidents, and ensuring the compliance of cybersecurity service providers.

4

The Act requires NCIIs to perform cybersecurity risk assessments and audits, implement codes of practice, and notify authorities of incidents.

5

The Act applies to all persons and entities involved in managing NCII or providing cybersecurity services, both within Malaysia and internationally, when their actions impact Malaysia’s cybersecurity.

6

The Act establishes stringent penalties for cybercrimes, including substantial fines and imprisonment, depending on the severity of the offense.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New