TLDR:
Key Points:
- The Cyber Security Act 2024 in Malaysia focuses on safeguarding critical information infrastructure against cyber threats.
- The Act introduces regulations for risk assessment, incident notification, licensing for cybersecurity service providers, and penalties for non-compliance.
Summary:
Made effective on June 26, 2024, Malaysia’s Cyber Security Act 2024 aims to protect the nation’s critical information infrastructure (CII) from cyber threats. The Act establishes the National Cyber Security Committee, defines the roles of the National Cyber Security Agency, and requires licensing for cybersecurity service providers. The territorial scope of the Act extends beyond Malaysia’s borders, mirroring Singapore’s Cybersecurity Act. The Act introduces stringent regulations for entities classified as National Critical Information Infrastructure, including yearly risk assessments and audits. Incident notification requirements mandate immediate reporting of cybersecurity incidents to relevant authorities. Licensing for Cyber Security Service Providers is mandatory, with severe penalties for non-compliance. Offenses and penalties under the Act range from fines to imprisonment for non-compliance with cybersecurity practices. Overall, the Cyber Security Act 2024 in Malaysia places a strong emphasis on enhancing cybersecurity measures and ensuring compliance with regulatory requirements.