Malaysia’s Cyber Security Act 2024 officially comes into effect today, August 26, 2024, following its royal assent on June 18. This landmark legislation is set to bolster national cybersecurity with a range of new measures aimed at protecting critical digital infrastructure. The Act introduces several key provisions, including the formation of the National Cyber Security Committee (JKSN) and the appointment of a Chief Executive for the National Cyber Security Agency (Nacsa), who will oversee cybersecurity efforts across the nation.
Under the new regulations, National Critical Information Infrastructure (NCII) entities are now required to conduct annual cybersecurity risk assessments and audits at least every two years. These assessments are crucial for identifying and mitigating potential vulnerabilities in critical systems. Additionally, the Act mandates that NCII entities report any cybersecurity incidents immediately, with preliminary details to be submitted within six hours and additional information within 14 days.
The Act also addresses the regulation of cybersecurity service providers through new licensing requirements, which apply to companies offering Managed Security Operation Centre (SOC) Monitoring Services and Penetration Testing Services. This ensures that service providers meet stringent standards for protecting against and responding to cyber threats.
Furthermore, the Cyber Security (Compounding of Offences) Regulations 2024 outline penalties for non-compliance with various provisions of the Act. These regulations emphasize the government’s commitment to enforcing cybersecurity standards and addressing violations effectively. With the implementation of the Cyber Security Act 2024, Malaysia aims to significantly enhance its cyber defense capabilities and ensure the security of its digital landscape.
Reference:
