With Malaysia’s push towards digitisation makes an increase in cybersecurity risks inevitable. Malaysia’s cybersecurity market is projected to grow at a CAGR of 15-16% and is likely to be worth $607 million by the end of 2021. In a post-covid and digitally disrupted world, Malaysia is subject to increased instances of Fraud, Intrusion Cyber bullying in its digital space.
- Definition / Scope
- Market Overview
- Key Market Metrics
- Top Market Opportunities
- Market Drivers
- Market Restraints
- Industry Challenges
- Regulatory Trends
- Technology Trends
- Other Key Market Trends
- Market Size and Forecast
- Market Outlook
- Technology Roadmap
- Competitive Landscape
- Competitive Factors
- Key Market Players
- Strategic Conclusion
Definition / Scope
Cybersecurity is the protection of internet connected systems, including hardware, software and data from cyber attacks. Anything connected to internet is exposed to cyber threats. Cybersecurity is the need of the hour as of the rising cyber security complexity and proliferation of IoT, mobile networks and cloud-based channels, growing peer-to-peer transactions necessitating users to disclose personal identity as well as increasing adoption of emerging technologies such as robotics, artificial intelligence and quantum computing.
Anything McAfee, a cyber security firm projects that cyber crimes costs annual $450 billion to the global economy. In addition, it is estimated that the financial impact from cyber attacks is over $2 trillion in the ASEAN region. With digitization and connectivity becoming the norm of the 21st century, people and companies alike are exposed to the increasing risk of cyber threats such as:
- Malware is an all-encompassing term for a variety of cyber threats including Trojans viruses and bombs. Malware is simply defined as code with malicious intent that typically steals data or destroy something on computer.
- Phishing often pose as a request for data from a trusted third party phishing attacks are sent via email and asked users to click on a link and enter the personal data.
- Password attacks refers to an act where a third party try to gain access to user’s system by cracking the user’s password.
- DDoS stands for Distributed Denial of Service Ad or staff focuses on disrupting the service of a network. Attackers send high volumes of data or traffic through the network until the network becomes overloaded and can longer function.
- By impersonating the endpoint in an online information exchange that is the connection from smartphone to a website the Man in the middle attacks(MITM) attacks can obtain information from the end users and entity the users are communicating with. The MITM will receive all the information transferred between both parties which could include sensitive data bank accounts and personal information.
- in case of drive-by downloads, through malware on a legitimate website, a program is downloaded to a user’s system just by visiting the site it does not require any type of action by the user to download it.
- Maladvertising is a way to compromise your computer with malicious code that is downloaded to the system when you click an affected advertisement.
- Rogue software is basically malware that are masquerading as legitimate and necessary security software that will keep the system safe.
Cybersecurity is a key factor in Malaysia’s transition to a digital economy. In 2018, Malaysia is ranked 8th in the world in the global cybersecurity Index. The country is projected to contribute 75% of the ASEAN region’s cybersecurity services market by 2025. In 2019, Malaysia comprised 3% of the global cyber attacks. Malaysia had to lose 4% GDP amounting to $16.9 billion in revenue due to cyber attacks. The country is estimated to spend 6.6% of its GDP on building digital infrastructure.
In 2020, the global cybersecurity market was worth $173 billion and is estimated to grow to $270 billion by 2026. Cyber Security market is estimated to be $100 billion in 2017 and to grow to US$173 billion in 2022 at a CAGR of 11.6%. The Asia Pacific Cyber Security market is expected to outperform the global market, as of the rising demand for data safety and cybersecurity management. The market is expected to expand from a $20 billion in 2017 to $40 billion in 2022 at a CAGR of 14.6%.
As per the Ministry of Communication and Multimedia, amongst the ASEAN countries Malaysia stands at the top three market for cybersecurity. The country has been steadily investing in technology products and services which amounted to $15.6 billion in 2018.
the MCSS 2020-2024 is an all encompassing plan consisting of 12 strategies, 35 actions plans and 113 programs with an aim to transform Malaysia into a cybersecurity leader by nurturing local talents. The five pillars include:
Cyber security is a national priority in Malaysia which is led by Cyber Security Malaysia and supported by multiple government agencies to further coordinate and consolidate cybersecurity agenda.
|National Cyber Security Agency (NACSA)||It is a central agency in Malaysia to monitor and manage cybersecurity and cyber crime. It will provide leadership and guidance to children, youths, adults and parents along with institutions for protecting the government and CNII agencies’ networks, systems and data.|
|Cybersecurity Malaysia (CSM)||It is the National cyber security specialist agency under the purview of the Ministry of Communications and Multimedia Malaysia. CSM is the first corporate in Asia to join The Intelligence Network and provides specialized ICT services such as Cyber Security Responsive Services, Cyber Security Proactive Services, Outreach and Capacity Building, Strategic Study and Engagement and Industry and Research Development services.|
|Cyber Security Malaysia Collaboration Programme (CCP)||In 2019, CSM introduced the CCP, a public-private partnership for Malaysian registered companies that offers cyber security products and services and also foster innovation of Malaysia’s cyber security capabilities and capacities building through collaboration.|
|Bank Negara Malaysia (BNM)||It provides Risk Management guidelines for financial institutions to fight the surge in cyber crimes.|
|Malaysia Digital Economy Corporation (MDEC)||This agency under the Ministry of Communications and Multimedia Malaysia helps to implement the MSC Malaysia initiative which will help drive the digital economy of Malaysia. contributing 20% to the country’s GDP (highest among ASEAN nations) and 30% to ASEAN internet economy.|
|The National ICT Association of Malaysia||This association represents the information and communications technology (ICT) industry in Malaysia. Its has over 1400 membership companies involved in the spectrum of ICT products and services which contribute 80% of the total ICT trade in Malaysia.|
|Malaysian Communications and Multimedia Commission (MCMC)||It regulates the communications and multimedia industry. It promotes and implements government’s national policy objectives for the communications and multimedia sector and also oversees the regulatory framework for converging telecommunications and broadcasting industries and online activities under the Digital Signature Act 1997.|
Key Market Metrics
|Market Revenues (2021, USD)||$607|
|Market Growth Rate (2022-2025, %)||15-16%|
|Number of Companies in the market||–|
|Market Concentration (% of market share help by top 3 market players)||–|
Top Market Opportunities
The market for cyber security services in ASEAN is projected to reach $5.6 billion by 2025. Wherein the Malaysia’s cyber security market alone is estimated to be $607 million by 2021. ASEAN region appears to be keen on embracing digital economy. However, the region cyber security is still in early stage and is in short of talents and capabilities along with fragmented vendor relationships all of which is creating operational complexity and vulnerabilities. For continued cybersecurity commitment, it is estimated that between 2017-2025, ASEAN countries need to spend around $171 billion collectively on cybersecurity.
According to A.T. Kearney, ASEAN countries such as Indonesia, Malaysia and Vietnam are the hotspots for malware attacks especially relating to blocked suspicious web activities which is 3.5 times higher than the standard ratio. Considering this, Malaysia has high demand for hardware and software to counter advanced persistent threats (APT). Malaysia holds a four-year cyber security commitment which will not only ensure cyber security trust within the country but also for the entire 625 million people living in the ASEAN region.
Trusted and competent country in cyber security
Malaysia was ranked third in the list of the UN Global Cybersecurity Index conducted worldwide amongst 164 countries, for its continued commitment to cyber security. Malaysia’s cybersecurity landscape is rested on the collaboration between government, regulatory bodies, training agencies and private services providers. Amongst its ASEAN neighbors, Malaysia leads in relation to international engagement for company emergency response teams (CERTs), cybercrime awareness and digital economy.
Malaysia has many home-grown, professional ICT security service providers that essentially offer consultative and penetration services. Besides this, it is home to diverse solution and equipment providers from US and European which compliments its services.
Run programs with partner countries and regional exchanges
Malaysia has embedded cybersecurity in its foreign policy priority areas. It plans to develop cyber security international engagement plan and continue its efforts in driving regional Confidence Building Measures (CBMs). Malaysia continues to actively participate and contribute in regional, sub regional and multilateral cyber security collaboration efforts such as:
- The United Nations (UN)
- The Association of South East Asian Nations (ASEAN) and its dialogue partners
- The Asia-Pacific Economic Cooperation (APEC)
- The Commonwealth, the Organization of Islamic Cooperation (OIC)
- The Global Forum on Cyber Expertise (GFCE)
- The Asia-Pacific Computer Emergency Response Team (APCERT)
- The Forum of Incident Response and Security Teams (FIRST)
- The Council of Europe
In 2021 and beyond, the country appears to host and participate in many of the cyber security initiatives happening across the region. Some of which are as follows:
- Malaysia is going to host Cyber security Asia 2021 Conference
- Cyber security Salons Asia-Pacific 2021
- The ASEAN Political-Security Community Blueprint 2025
Malaysia’s Commitment to cybersecurity
In 2020, the Malaysian government announced that it would invest $434 million, in the course of four years, into the Malaysia Cyber Security Strategy (MCSS) to bolster its cyber security measures and protect its 10 Critical National Information Infrastructure Sectors.
Malaysia has also set up a National Cybersecurity Research and Development Roadmap which will help foster its National cyber security R&D program by promoting local industry and technology. With respect to this, Malaysia plans to build a shared Centre for excellence to promote the use of ICT security products and services. Key areas of cybersecurity R&D include:
- Privacy enhancing technology
- Digital signature
- Digital identity
- Entity authentication
- Encryption algorithm
- Cyber physical security
Apart from this, the country aims to improve cyber security awareness amongst its 32.7 million population through its National Cyber Security Awareness Master Plan. Under this, Cybersecurity Malaysia issues regular advisories and best practices guidelines through its Malaysia Computer Emergency Response Team (MyCERT) and its outreach program CyberSAFE.
Additionally, as a part its cybersecurity stance, Malaysia plans to build and nourish home-grown talent and capacity in cybersecurity. For this, the country plans to develop cyber security curriculum at the primary, secondary and tertiary level through collaboration with Ministry of Education.
Surge in cyber attacks
In 2019, Malaysia was positioned 4th most susceptible to cyberattack country in the world as it was prey to the 3% of the world’s cyber attacks. Dr. Amirudin Abdul Wahab, CEO, Cybersecurity, Government of Malaysia opines that in 2021, there will be surge in organized cybercrime activities particularly in line to APT and ransomware attacks as most of the enterprises in the Malaysia switch to a digitalization and embrace the cloud strategy. According to the Malaysian Crime Prevention Foundation (MCPF), the total losses recorded in regards to cybercrime in 2020 alone, was 60.13 million.
In 2020, the country was mostly victim of targeted attacks relating to ransomware, phishing, reconnaissance, credential harvesting, malware and virtual private network (VPN) exploits and denial of service attacks.
In the first half of 2020, Malaysia had an estimated 35% increase in total attack volume compared to the second half of 2019. The number of reported incidents involving cyberbullying, fraud, or intrusion was 82.5 % higher compared to 2019.
In this regard, SMEs which constitutes about 98.5% of businesses in Malaysia, out of which 84% of them were the victims of the cyber attack in 2020. Since, the advent of the Covid-19 pandemic there has been 109% surge in cyber attacks underscoring the importance of enterprise-level protection against such threats.
Malaysia ranks second amongst its ASEAN counterparts and 23rd worldwide for its digital economic development according to the World Bank survey in 2020. The cybersecurity remains at the crux of the Malaysian digital drive. Since, 84% of the Malaysians are active internet users and 65% are active mobile users in the country, they tend to spend an average time of 49 hours per week online which is risking sensitive data through cyber attacks.
To advance the cybersecurity capabilities to curb the cyber attacks, Malaysia has launched Global Accredited Cybersecurity Education (ACE) Certification Scheme which scheme reinforces the development of cybersecurity professionals in the country. The country has also executed other complementary policies including the National Policy Framework for the Fourth Industrial Revolution and the New Services Sector Blueprint. Apart from this, the Malaysian government has framed several initiatives to become a digital cybersecurity powerhouse. One of such initiative is MyDigital- the Malaysia Digital Economy Blueprint, which ties together all the national activities and is a perfect match to its impending 12th Malaysian Plan and the Shared Prosperity Vision 2030.
Moreover, the Malaysian government has allotted $36.5 million into its Smart Automation Grant (SAG) initiative under the National Economic Recovery Plan and the People and Economic Strategic Empowerment Programme. The SMEs which translates to 98% of the overall players in Malaysia could leverage the advantage of cost, specifically, matching based eligible expenditures granting a maximum of $242427 to set up their digitalization story.
Lack of cybersecurity commitment
Cyber security investment in ASEAN region was $2.59 billion in 2018, which comprise only 0.06% of regional gross domestic product (GDP). As per a report by Deloitte, there is low investment on IT security management amongst the ASEAN countries.
These nations are likely to spend 48% less on information security system compared to developed nations. As per a study by Microsoft, more than half of the surveyed Malaysian companies, have either experienced a cyber attack (17%) or are not sure to have had one. They attribute this to dearth of proper forensics or data breach assessment (36%) measures in the country.
Lack of regulatory initiative
Malaysia still struggles to create a formalized strategy to ensure minimum protection of information security across its critical sectors. Malaysia still follows the archaic ISO/IEC 27001 Information Security Management Systems as the basic standard for information security. The cybersecurity sector is fragmented as it embodies horde of regulatory frameworks is reliant on strategic partnerships to meet its information security obligations.
Besides this, data localization remains a top challenge in Malaysia. Although, the country has set up a Cybersecurity strategy to address the digital threats in its CII sectors other sectors such as retail, manufacturing, construction also needs appropriate measures to protect them against the increasing cases of cyber attacks
Sheer volume of digital asset to protect
The cyber criminals are targeting to access mass quantities of sensitive data through the use of advanced technologies. As per computer world, a medium sized network with 20,000 connected devices transmits over 50 TB of data in a single day which means over 5 Gbits needs to be assessed each second to detect potential cyber attacks. The data is exponentially growing and is now seen as a prized asset. With this trend, the data from multiple sources and formats will be difficult to manage and protect.
Evolution of cyber security threats
Rapid technological evolution makes threat monitoring and response more difficult, especially with the rise of encryption, multi-cloud operations, the proliferation of the Internet of Things (IoT), and the convergence of operation technology (OT) and IT. Malaysia is likely to spend $25 billion in ICT by 2023. During 2020-2025, the key growth prospects in ICT shall include cloud computing, data analytics, storage, cybersecurity, business process outsourcing, and mobility with CAGR of 21%.
AI is used in cyber attack as well as in cyber threat defense. AI based systems is used to spread misinformation and campaigns by nation-state hackers by weaponizing social networks and instant messaging apps to influence the sentiment of the population that fuels civil disorders. There are over 24 million Malaysians translating to 75% of the total population who are active social media users in the country.
The cyber attackers are also continuously evolving their tools, techniques and tactics. Adding on to the strain, many organizations security and IT capabilities are at nascent stage with limited or minimal visibility of the fast evolving cyber threat landscape. Microsoft in its Security Intelligence Report (SIR), has disclosed that Malaysia is extremely vulnerable to cyber attacks. Malaysians are an easy target to cryptocurrency mining malware and ransomware attacks,
Lax security of internet of things devices
IoT expands the cybersecurity beyond traditional operations security. However, it is more inclined towards convenience over security. Since the insurgence of Covid 19 in 2020, there also have been surge in the use of connected technologies like IoT, 5G. A report by Forrester implied that at least 80% of firms are likely to switch to on-premises return-to-work office strategies that include IoT applications to enhance employee safety and improve resource efficiency.
In 2020, companies which suffered a data breach but deployed AI technology saved an average of $3.58 million. However, majority of connected devices have still not implemented security by design thus exposing the organizations and individuals to cyberattacks. As of the diffusion of IoT devices the unethical hackers will target unprotected IoT systems with precisely designed malware, such as the Mirai bot.
The IoT economic potential for Malaysia is likely to be $10.3 billion GNI creation beyond 2020. IoT is gradually being integrated into enterprises, and even government and public services. In view of this, MIMOS in Malaysia has released its National IoT Strategic Roadmap in 2015, under which one aim was to build a safe cyber cities and cyber centers.
Risk management in the cloud
The Malaysian Digital Economy Blueprint (MyDIGITAL) has targeted to achieve 80% cloud storage of data across the Government by 2022 all the while augmenting remote work processes. Thus, the increasing cloud and Software as a Service (SAAS) adoption is leading to new challenges in cybersecurity.
Following covid 19, there has been widespread adoption of remote work culture leading business to adhere to cloud based processes and infrastructure. In 2020, misconfigured cloud settings were a leading cause of data breaches costing an average of $4.41 million.
The International Information System Security Certification Consortium (ISC)² revealed that the global IT security skills shortage has crossed 4 million mark, with a 2.6 million shortfalls in the Asia Pacific region alone. It is estimated that there will be 3.5 million shortage of talent working in cyber security jobs by the end of 2021.
In 2020, According to the Malaysia Digital Economy Corporation (MDEC), 10% of the top job opportunities in the country is associated with cybersecurity. The percentage of women in the country’s cybersecurity industry is estimated to be 21%. Malaysia holds an estimated 6000 cybersecurity professionals but has a demand of 10,500 professionals in 2020. As cyber threats become more sophisticated bringing severe consequences, cybersecurity professionals need to constantly upgrade their skills to remain relevant. However, the cyber security roles require deep technical skills and it is much more challenging to fill up those roles.
In order to fill up the gaps in number of professionals in the country, Malaysian government plans to implement National Cyber Security Capacity and Capability Plan that will enhance national cyber security awareness and education. It is achieved through cross-sector collaboration though training and certification programs.
Likewise, the Malaysia Digital Economy Corporation is driving its efforts of increasing the number of local skilled professionals through up-skilling and re-skilling. Besides this, the Cybersecurity Malaysia aims to implement Global Accredited Cybersecurity Education (ACE) Scheme so as to certify and recognize cybersecurity professionals in compliance in regards to – ISO/IEC 17024 on people certifications, ISO/IEC 9000 on processes and ISO/IEC 27001 on security management.
Technology is a double-edged sword as the same technology is used by the attacker as well as the security community. As per Datuk Dr Amirudin Abdul Waha, CEO of the CyberSecurity Malaysia, “the traditional cybersecurity approach is unable to detect and tackle new sophisticated attacks such as the advanced persistent threat”. So, technology needs to continuously evolve to tackle these sophisticated attacks. The various cybersecurity tools include:
|Identity Authentication Access Management (IAAM)||Enables authorized individuals access to resources at right times for right reasons||Web access managementIdentify Access Management (IAM) tool|
|Infrastructure Protection||Prevent threat at end-points, databases and cloud||Endpoint protectionEmail gatewayWeb gatewaySecurity information and event managementVulnerability assessmentData loss protection|
|Network Security Protection||Protect network (e.g. corporate network)||Internet Service Provider (ISP) equipmentFirewallVirtual Private Network (VPN)Unified Threat Management (UTM)|
|Security Services||Strategic or operational service protection against cyber threat||ImplementationSupport servicesManaged Security Services (MSS)Consulting servicesGovernance Risk and Compliance services (GRC)Training|
In 2021, Cyber security industry appears to adopt many advanced technologies which include:
AI and deep learning
AI adds additional layers of authentication whereas deep learning examine data, transaction or real-time communications to detect threats or unwarranted activities.
It is used to predict patterns on a system and network to detect possible cyber threats especially in case of unprecedented transmission of data from a device.
Embedded Hardware Authentication
Embedded authenticators are much more advance to a PIN or password which verify and employs multiple levels of authentication chips into the hardware for fool proof protection.
Blockchain are almost impenetrable network against hackers to safeguard data. This wok on the basis of Blockchain technology’s peer-to-peer network fundamentals.
It constitutes identifying business-critical data, mapping the flow of this data, logical and physical segmentation, policy and control enforcement through automation and constant monitoring to for both internal and external securities.
Strong regulatory framework
Malaysia has many cyber laws and policies such as the Computer Crime Act 1997 and the Communication and Multimedia Act 1998 which safeguards against cyber-criminal activities in the country.
Over the years, Malaysia has updated its cybersecurity regulations such as drafting cyber security bill. Some of the regulatory bodies and their parameter in relation to cybersecurity are explained below:
In Malaysia, the attorney general reviews existing legislative and regulatory framework concerning cybercrime. By the first half of 2021, Malaysia appears to revise the National Cyber Crisis Management Plan (NCCMP) along with its reporting mechanism, to improve and manage Cyber security incidence.
Other than this, organisational, sectoral and national levels cyber exercises will be executed in line with the Cyber Exercise Implementation Plan and conjure up a Cyber Readiness Report by the end of 2021.
The Southeast Asia Regional Centre for Counter terrorism (SEARCCT) and the Royal Malaysia Police are the main bodies that monitor extremist activities in cyberspace.
The National Cybercrime Enforcement Plan (NCCEP) reinstates and prepares the judiciary members, prosecutors, law enforcement officers and legal practitioners by instituting knowledge and skills relating to the intricacies of cybercrimes.
Other Key Market Trends
Ransomware attacks on the rise
While western economies are observing a 73% rise in ransomware attacks. Malaysia, on the other hand, encounters 100% more attacks on average. As per a report by Microsoft, although there might be a change in volume of ransomware attacks, but the severity rate hasn’t declined. The industries most prone to such attacks are transportation, traffic systems, and hospitals.
While drive-by download web page have witnessed a rise of 22% in the world, Malaysia have experienced a 544% increase in such attacks compared to a global average. Microsoft disclose that Malaysia holds the highest density of drive-by download pages in the world along with countries like Indonesia and Taiwan.
In 2021, it is estimated that there will be a significant increase in cyber espionage campaigns carried out by state-sponsored hackers. State-sponsored attackers aim at gathering intelligence on strategic Intellectual Property, which can give their governments a technological and economical advantage in the post COVID-19 world. Advanced Persistent Threat groups (APT) linked to Russia, China, Iran, and North Korea have the ability to perform malicious operations against countries worldwide especially in countries like the US, Europe, and Middle East due to the escalating tensions between the nations.
In 2019, Malaysia had to go through cyber attack executed by a state-sponsored hacking group linked with the Chengdu 404 Network Technology in China that targeted business houses in Malaysia. Also, in the same year, a Chinese state-sponsored hacking group repeatedly targeted to infect computers of government officials with malware and then steal confidential documents from government networks.
Market Size and Forecast
The cyber security market in APAC region is expected to grow at CAGR of 20% within the 2019-2025 forecast period and 60% market share is seized by Security services segment in the region.
The global cybersecurity market has grown steadily over the years and is estimated to be worth $202 billion by the end of 2021. According to Kearney, the Cyber Security market in Malaysia is projected to be $607 million by the end of 2021. From 2022-2030, the market is further expected to grow at CAGR 15%-16%, attaining $1.8 billion market size by the end of 2030.
Malaysian cybersecurity industry is one of the fastest growing in the ASEAN region with a CAGR growth rate of 13.1% in the 2017-2022 forecast period. The country’s cyber security industry revenue is forecasted to reach $37 million by 2022 which translates to 22.2% of the overall regional market share.
Malaysia is primarily strong in delivering professional security services. In the secure content management market particularly email and web security, the country ranks second in ASEAN bloc holding 24.4% market share. Likewise, Malaysia spent $10.4 million in sandboxing solutions and holds 17.6% market share in ASEAN. the cloud-based services segment is likely to show a dramatic rise of CAGR 39% over the forecast period of 2017-2022. Nevertheless, on premise solutions appears to still remain popular over cloud-based services. In 2021, overall security services market in Malaysia was projected to be $607 million.
The global cybersecurity spending will steadily increase over the years and reach $187 billion by the end of 2021. This is because of the shift to remote work during the COVID-19 pandemic which has increased the chances of a cyber-breach.
Malaysia is expected to invest $655 million in cybersecurity and the industry growth is expected to hit 15% by the end of 2025. In 2020. The country is estimated to spend $434 million on its cyber security strategy.
By 2025, 75% of the ASEAN cybersecurity services market projected to be catered by Malaysia. The country is expected to register the highest growth in ASEAN region as the country with the evolution of the managed services all the while mitigating the gaps in infrastructure.
In Malaysia, digital economy plays a central role in its ambition to become a developed economy. In 2019 before the onset of the Covid-19 pandemic, the ICT sector rose by 7.1% and contributed $70.35 million which translated to 19.1% of the country’s GDP.
The future outlook of cyber security market
- In 2023, spending on cloud security tools is likely to escalate from $5.6 billion in 2018 to $12.6 billion.
- In 2023, spending on cloud security solutions is estimated to be $1.63 billion rising from $636 million in 2020 at a 26.5% CAGR.
- In 2023, spending on Infrastructure Protection is estimated to surge from $18.3 billion in 2020 to $24.6 billion, at a 7.68% CAGR.
- By 2020, global IT security spending is likely to reach $128 billion, out of which the endpoint security tools comprise 24% of the total IT security spending,
- According to IDC, 70% of all breaches appears to originate at endpoints, regardless of the increased IT spending on this threat surface
Malaysia’s economy post Covid-19
Since the Covid-19 show no sign of subsiding anytime soon, the pandemic has accelerated the adoption of technology such as e-commerce, financial technology, video conferencing, telemedicine and online education. The COVID-19 pandemic has underscored Malaysia’s transition into the digital economy as increasingly millions of Malaysians are resorting to virtual experiences for their e-Commerce, entertainment and even education needs. With this trend as a way of life there are increasing instances of cyber attacks in the country.
The Malaysian economy had its worst decline since the 1998 Asian financial crisis as it economy flouted 5.6% in 2020. It is estimated that daily losses due to Covid-19 lockdown was almost $640 million. The country recorded highest unemployment rate in its history, hitting 5.3% in 2020. the country’s exchange rate against the dollar also flouted. In 2019, Malaysia’s exchange rate for March 2019 was RM4.08 in exchange for 1 USD, however in 2020, it depreciated to RM 4.26 in exchange for 1 USD in July 2020. This will have ripple effects across all sectors especially manufacturing and trade.
Post Covid-19 cybersecurity risks
Pre-Covid cyber offenses were essentially related to Fraud, however post Covid in the year 2020, the top three cyber security incidents in Malaysia were Fraud, Intrusion and Cyber Harassment. With increasing sophistication of cyber attacks after the Covid-19, there is a serious need to amplify the security defence in Malaysia. There has been increasing cyber threats driven by the pandemic such as scams, cyber espionage and data breach.
In this regard, Malaysia is exercising security awareness and risk management through collaboration with local and international bodies. As per the EY Digital Survey, the banking sector in Malaysia is the most digitally evolved in ASEAN, compared to its peers like Hong Kong, China and Singapore. Under the wings of Cyber security Malaysia, there are many agencies and services that promotes online security including, Cyber 999, My CERT, Cyber Safe, Cyber Guru, Malaysia Competition Commission, Cyber Security Malaysia, CNII Portal, Industry engagement and collaboration, Government and international engagement, E-security bulletin, Cyber News among others.
The threat actors exploiting the uncertainty and extraordinary response caused by the Covid-19 pandemic were related to:
- Covid-19 Phishing emails/websites
- Covid-19 Scam Domains
- Covid-19 based malware
- Covid-19 Android Malware
- Covid-19 Vulnerable sectors and infrastructure such as the healthcare sector
Cybercrime is considered as the top three threat across seven different industries. Amongst them most significant danger of cyber attack is in technology, media and telecommunications (20%), government and public sectors (17%) and healthcare (16%).
The industries most prone to cyber attacks such as healthcare, banking and financial services, technology, media and telecommunications as well as Public and social sectors are likely to have moderate to high cybersecurity spending. Whereas, consumer and retail. Advanced industries, energy and materials and travel, transport and leisure will have overall decrease in cybersecurity spending.
Cybersecurity spending appears to increase in network security, endpoint security, identity and access management, messaging security, managed security services and security and vulnerability management. Whereas, there will be no change in spending patterns across web security, data protection and governance and compliance.
The healthcare industry has been at the front and center of the Covid crisis. This has resulted in the widespread adoption of telemedicine and virtual consultations thus make this industry highly prone to cyber attacks. This has induced increase in cybersecurity investment and spending in this sector. Also, Covid-19 crisis has compelled customers to shop online leading retailers to increase spending in security for digital-payment platforms. The cyber security spending appears to rebound faster at large enterprises compared to small and medium enterprises.
Covid-19 has induced a shift to remote work which will bring immediate cybersecurity risks. Working from home does not guarantee the same level of cybersecurity as an office environment and so are more prone to attacks. As many SMEs are switching to Bring Your Own Device (BYOD) approach compared to Corporate Owned Personally Enabled’ (COPE) approach, there have been 47% spike in phishing scam while working at home. Cyber-attackers are capitalizing on people’s interest in coronavirus-related news by introducing malicious fake coronavirus related websites. The average cost of a data breach resulting from remote working is estimated to be $137,000. In the first quarter of 2020, over half a million people were affected by breaches in which the personal data of video conferencing services users was stolen and sold on the dark web.
Companies are incorporating Multi-Factor Authentication (MFA) to legacy systems and are rapidly switching to cloud platforms as of the Covid-19 restrictions. additionally, companies are prioritizing privileged access and identity governance solutions with advanced security analytics. There has been increase in spending on MFA services in collaboration with system-as-a-service solutions including file sharing, virtual -desktop infrastructure and communication platforms essentially by Small and medium enterprises.
Rather than adding staff or budget companies are automating routine tasks. Especially companies dealing to outsourcing services, managed-service providers are funding security orchestration and automation response tooling. Also, cyber attacks are increasingly being automated, so the only way to reduce and prevent the volume of threats is through automation. As per Exabeam’s 2019 survey, 88% of cybersecurity professionals believe automation will make their jobs easier, and a mere 10% views automation as a threat to their jobs.
Security for trusted third parties
Covid-19 has disclosed many technical gaps in cybersecurity measures. In case of shared network access there is a need for increased monitoring tools such as click-of-a-button security-rating tools, security-risk assessments, and security-reporting instruments. As per a report by EY, 52% of the security leaders in Malaysia consider outsourcing security operations post Covid-19.
There is also increase in e-commerce security spending particularly from in-house systems to outsourced services. In 2021, there are 16.53 million active ecommerce users in Malaysia. However, it is reported that over 53% of consumers in Malaysia are still not confident about the security system while purchasing online. According to GlobalData’s E-Commerce Analytics, Malaysia’s e-commerce market registered 24.7% growth in 2020. The market is estimated to be worth $12.6 billion by 2024 growing at a CAGR of 14.3% during the forecast period of 2020-2024.
Key Market Players
|Key Malaysian Cyber Security Players||Revenue||Security Services|
|LGMS||$1 million||Founded in 2005 and headquartered in Kuala Lumpur, LGMS is primarily a cyber security penetration testing and assessment firm. It is accredited with CREST and ISO 17025 certifications. The company also offers compliance and advisory, forensics and security training services.|
|Wizlynx Malaysia||$22 million||Headquartered in Switzerland Wizlynx offers security assessments and penetration testing services such as cyber defense consulting, cyber security incident response, cyber threat intelligence and cyber security detection services.|
|Ensign Info security||$126 million||Headquartered in Kuala Lumpur, Malaysia, Ensign is an end-to-end cybersecurity service provider. It offers bespoke solutions and services to address their clients’ cybersecurity needs. Their core competencies are in the provision of cybersecurity advisory and assurance services, architecture design and systems integration services, and managed security services for advanced threat detection, threat hunting, and incident response.|
|Securelytics||$4 million||Headquartered in Malaysia, it offers ICT security advisory and testing services for commercial and government clients.|
|Nexagate||$3 million||Established in 2010 in Malaysia, it is a cybersecurity consulting and services provider. It offers penetration testing and aims to improve their security processes, achieve compliance and protect their data with its range of cloud-based managed security solutions and its patent-pending NSI Unified Security platform. It specializes in enterprise-class solutions in digital media, Web infrastructure, software as a service (SaaS) and Web security.|
Malaysian cybersecurity industry is one of the fastest growing in the ASEAN region with a CAGR growth rate of 13.1% during 2017-2022 forecast period Malaysia considers cyber security as a national priority in its quest to become a digital economy.
However, Covid-19 has triggered the rapid adoption of remote work culture and online activities which reveals the need of cyber resilience in the country. In this regard, Malaysia is strengthening cyber security capabilities and capacity by developing talent, building cyber security awareness and encouraging industry collaboration.
|API||Application Programming Interface|
|APT||Advanced Persistent Threat|
|ASEAN||Association of Southeast Asian Nations|
|BYOD||Bring Your Own Device|
|CEO||Chief Executive Officer|
|CIIs||Critical Information Infrastructures|
|My CERT||Malaysian Computer Emergency Response Team|
|CAGR||Compound Annual Growth Rate|
|DDoS||Distributed Denial of Service|
|GDP||Gross Domestic Product|
|IoT||Internet of Things|
|ICT||Information and Communication Technology|
|ISO||International Organization for Standardization|
|IEC||International Electro Technical Commission|
|MCSS||Malaysia Cyber Security Strategy|
|MDEC||Malaysia Digital Economy Corporation|
|PIN||Personal Identification Number|
|R&D||Research and Development|
|SAAS||Software as a service|
|SMEs||Small and Medium Enterprises|