6 days ago
RM1.2 billion cyber-related losses recorded last year
PETALING JAYA: Malaysia recorded about RM1.2 billion in cyber-related losses last year, underscoring an urgent need for a more coordinated approach to national cybersecurity readiness, said National Tech Association of Malaysia secretary-general Anthony Raja Devadoss.
He said the losses, which involved both commercial and consumer sectors, were driven by a surge in cyber scams and increasingly sophisticated attacks powered by artificial intelligence. He added that scam calls alone rose by 82%.
Anthony said while Malaysia has made regulatory progress with the Personal Data Protection Act (PDPA) and the proposed National Cyber Security Bill, the country continues to struggle with uneven awareness and inconsistent implementation, particularly among SMEs.
'Framework-wise, Malaysia is moving in the right direction. But we tend to announce regulations first and expect compliance the next day. That's a major concern.
'We need scalable cybersecurity practices, not just firewalls. Small firms must have access to certified talent, and if they can't afford to hire directly, government-supported partnerships should be made available.'
He suggested establishing a gov-tech alliance, a government-industry initiative focused on modernising public sector digital infrastructure, improving cybersecurity standards and ensuring that local councils and agencies adopt the latest technologies, in line with national security priorities.
'Cybersecurity is not exclusive. The impact cuts across every sector. Whether you're in finance, telco or healthcare, the consequences of a breach are widespread – reputational and financial.'
He said cybersecurity must be treated as a cultural shift, not just a technical challenge.
'We're not just talking about software but also awareness, behaviour and trust. That starts at home, not just in the workplace.'
He said Malaysians often underestimate personal responsibility in digital safety, and high levels of social trust have led to risky habits such as unsecured device use as well as sharing of sensitive information within households.
'The trust bank is so high here. We leave our devices unlocked, we give out our passwords,' he told theSun.
'So, when we talk about needing to enhance our tech, human errors and complacency need to be looked into as well.'
BAC Education Group founder and managing director Raja Singham echoed similar concerns, particularly about the compliance burden placed on smaller businesses under current regulations.
He said the 20,000 data-subject threshold for compliance under PDPA effectively pulls in almost every organisation, from supermarkets to educational institutions.
'Even a mid-sized college like BAC holds well over 20,000 data records. Everyone gets caught.'
Raja said SMEs, which make up over 90% of Malaysian businesses, are often left scrambling to comply with new mandates without adequate time or support.
'We roll things out very quickly and then threaten penalties. However, most SMEs don't have the manpower, training or budget to respond immediately.'
He added that the shortage of skilled professionals, such as privacy officers and cybersecurity leads, has left many firms unable to comply meaningfully.
'These are now mandatory roles. But for many businesses, they're seen as added expenses, and no one knows whom to hire or how to train them.'
On recent leaks involving government websites, Raja attributed the problem to outdated infrastructure.
