Malaysia’s Cybersecurity Act 2024 (Act 854): Building trust and seizing global opportunities

  • In Malaysia, Act 854 establishes a safe and resilient online ecosystem.
  • It establishes regulations for security companies and regulates NCII sectors to counteract threats.

Communications security and data integrity are top priorities for governments and organizations in today’s increasingly interconnected world. Fast-growing digital economies like Malaysia need sufficient regulatory guardrails to reduce risk and promote growth. Malaysia’s Cybersecurity Act 2024 (Act 854) was introduced to accomplish all of these goals while safeguarding critical infrastructure, protecting citizens, and enhancing the country’s resilience to changing threats.

The policy aims to strengthen digital defenses among Malaysia’s most crucial organizations and to prepare Malaysian businesses for success both domestically and internationally. The Act promotes economic growth by boosting business confidence and facilitating smoother international trade and cooperation, according to Dr. Megat Zuhairy, CEO of the National Cyber Security Agency (NACSA).

Additionally, it opens the door to further rules and amendments, such as a new Malaysian Cybercrime Bill being developed to address contemporary threats in an ever-evolving threat landscape. The bill is meant both to address the growing threats to network and communication security and to strengthen safeguards against online harm.

Dr. Megat said that this new Cybercrime Bill, which will be introduced in October, is essential for Malaysia to adopt in order to meet the Budapest Convention on Cybercrime and the UN Convention Against Cybercrime in June 2025, as part of its national and international commitment to combat crime.

Laying the groundwork for a secure online future

Act 854 provides a solid foundation for a secure and resilient digital ecosystem in Malaysia. It places an emphasis on protecting the National Critical Information Infrastructure (NCII), which encompasses 11 vital sectors, including government, banking, defense, and healthcare, where disruptions could threaten national security, the economy, or public order. The Act also establishes a comprehensive regulatory framework, mandating measures, requirements, and protocols for NCII sectors, and regulates the security services sector to provide strong protection against changing threats and vulnerabilities.

Its key features include the formation of the National Cyber Security Committee, the responsibilities of the NCII sector leads and NCII entities, and clearly defined responsibilities for the Chief Executive of the National Cyber Security Agency (NACSA).

Businesses and service providers are required by the law to adopt strict security practices, conduct regular risk assessments, report incidents swiftly, and adhere to licensing and incident management protocols. Organizations that run important systems within the NCII sectors must abide by these strict standards.

In addition to its protective role, Act 854 is also an enabler. As international trade becomes increasingly interlinked, strong cybersecurity systems are essential for businesses, both to ensure safe cross-border operations and growth and to comply with regulations.

Act 854 strengthens Malaysia’s security framework in line with international standards such as ISO/IEC 27001 and NIST, helping businesses to be recognized as trustworthy global players. This in turn attracts buyers who place a premium on supply chain security and data protection.

First step in ensuring adherence to Act 854: reducing supply chain challenges

No nation can be isolated in a world where online interconnectivity is growing and where trusted, safe communications are possible. In response, Malaysia has taken proactive steps and has collaborated with BlackBerry, a global secure communications company, to strengthen its digital defenses and promote the development of its cyber workforce through capacity building and innovation.

The establishment of a Cybersecurity Center of Excellence (CCoE) in Kuala Lumpur is a significant initiative. This world-class facility, which has been operational since March 26, 2024, is supported by C$3.9 million (RM12.2 million) in funding from the Government of Canada and focuses on developing cyber capacity through training and coaching to improve overall resilience in Malaysia and ASEAN. Almost 2000 men and women, representing a range of ability levels, have taken courses at the CCoE to date.

Organizations must first address supply chain risks, especially in high-risk areas like operating systems and IoT components, in order to comply with Act 854. A survey conducted by BlackBerry and unveiled by Christine Gadsby, vice president and chief information security officer of BlackBerry, in 2024 revealed troubling findings.

Gadsby noted that “79% of Malaysian software supply chains were targeted by cyberattacks in 2023, exceeding the global average of 76%.” And if that weren’t bad enough, there was more bad news. Additionally, 81% of respondents discovered unidentified (unreported or unaccounted-for third-party) members in their supply chains, she continued.

Gadsby urged IT leaders to address the lack of awareness as a top priority, citing the risk that invisible supply chain flaws pose to businesses. She added that the financial and operational costs of these attacks were significant, noting that “66% of businesses reported financial losses, 59% experienced data breaches, and 59% experienced financial loss.”

The findings highlight the urgent need for stringent security measures, such as endpoint protection and “out of band” stable communications solutions, to secure supply chains, ensure functional continuity when outages or attacks occur, and adhere to strict international standards.

Growing confidence in Malaysia’s modern business

BlackBerry solutions deployed in Malaysia provide government departments with a comprehensive set of robust technology solutions designed to ensure data integrity, independence, and communication resilience at every level.

These include SecuSUITE® for secure communications up to classified level, UEM (Unified Endpoint Management) for secure management of workforce devices anywhere, and BlackBerry AtHoc® for mission-critical communications and incident response. These solutions offer full online independence, giving organizations complete control over communications data, systems, and operations. They are trusted by NATO and governments around the world, including all of the G7 and the majority of the G20.

More than 70% of US Federal government departments already use the critical event management (CEM) platform AtHoc. In Malaysia, it can also help NCII by enhancing compliance, simplifying incident response, and providing real-time situational awareness. By enabling timely notifications to the relevant authorities, automating regulatory reporting, and supporting crisis management drills, it assists customers in adhering to Act 854. The platform’s secure communication channels help protect sensitive data, and its ability to issue public alerts in emergencies improves coordination, readiness, and effectiveness in critical situations.

Promoting a security-first culture

Building a strong security-first culture is crucial for long-term resilience, as human error continues to be the main cause of security breaches. This is becoming more of a concern as threat actors become more sophisticated in creating attacks that use messaging apps like WhatsApp or that successfully intercept telco networks, as reported by the FBI and CISA in the United States last year.

Such tactics might include using AI to spread fake information in a highly targeted way for political or financial gain. Alternatively, AI technology can be used to compile valuable information on high-value targets by analysing communications metadata, such as location, contacts, and more, stolen on the web or through consumer messaging apps.

In this new era, it is crucial to bridge knowledge gaps through ongoing training and positive reinforcement, as well as ensuring the use of appropriate tools for workplace communications. Equipping employees with the tools to recognize “deepfakes” and respond effectively to threats, or to adopt more responsible mobile and cyber-hygiene practices, will reduce your risk exposure.

BlackBerry emphasizes the value of incorporating a strong sense of cybersecurity best practices into the fabric of organizational culture, calling for a constant and collaborative commitment. Employees, leaders, and stakeholders are unified in a well-established cybersecurity culture, making compliance a proactive, organisation-wide initiative. Businesses can reduce insider risks, safeguard crucial assets, and strengthen their overall security posture by cultivating this approach.

Conclusion

Malaysia’s Cybersecurity Act 2024 (Act 854) and the forthcoming Cybercrime Bill, which will be introduced later this year, help to pave the way for a more secure digital future. Government and businesses are working together locally and internationally to promote a security-first culture that supports compliance and global competitiveness, in tandem with strong regulation and the adoption of advanced solutions. Organizations and their employees are empowered to protect digital assets and prosper in an interconnected, fast-evolving economy thanks to people-focused initiatives like the Cybersecurity Center of Excellence.