On August 26, 2024, Pasarana Malaysia Bhd confirmed a cybersecurity incident involving unauthorized access to parts of its internal systems due to a ransomware attack. This serves as a stark reminder of the increasing cyber threats facing our organizations today.

Coincidentally, on the same day, four new subsidiary legislations under the Cyber Security Act 2024 came into effect, aimed at strengthening our national cybersecurity framework.

Among these, the Cyber Security (Notification of Cyber Security Incident) Regulations 2024 outlines crucial requirements :

✅ Immediate Notification: Prompt reporting of any known or suspected cybersecurity incidents is now mandatory.
✅ First Reporting Within 6 Hours: Organizations must submit initial incident details, including type, severity, and discovery method, within six hours of awareness.
✅ Supplementary Information Within 14 Days: Follow-up details must be provided within fourteen days.
✅ Ongoing Updates: Further updates may be requested by the Chief Executive.
✅ Submission Method: Reports should be submitted through the National Cyber Coordination and Command Centre System or other designated channels.

The Cyber Security Act 2024 also includes regulations on compounding offences, allowing certain compliance failures to be resolved swiftly through an electronic payment system, helping streamline enforcement.

This is a wake-up call for all of us, especially those managing National Critical Information Infrastructure (NCII) entities. These organizations, spread across eleven sectors including government, finance, transportation, and healthcare, are vital to our nation’s security and economy.

✅ Key Takeaway for All Leaders
We must take proactive steps to integrate these new requirements into our cybersecurity strategies to avoid severe penalties and, more importantly, protect our digital assets.

As we navigate these regulations, let’s remain vigilant, prepared, and compliant to safeguard Malaysia’s digital environment.

Stay safe, stay secure! 💻🔒