*Our previous article on the Cyber Security Act 2024 is accessible here.
The Cyber Security Act 2024 (“Act”), which received royal assent on 18 June 2024 and which was subsequently gazetted on 26 June 2024, is expected to come into force very soon.
On or around 11 August 2024, the Chief Executive of the National Cyber Security Agency (“Chief Executive”) has confirmed that four of the Act’s subsidiary regulations (collectively, “Cyber Regulations”) have been drafted and submitted to the drafting division of the Attorney General’s Chambers (“AGC”), with three of the four having been approved by the AGC and the remaining one awaiting approval.
The four Cyber Regulations are:
(a) the Cyber Security (Compounding of Offences) Regulations 2024;
(b) the Cyber Security (Notification on Cyber Security Incident) Regulations 2024;
(c) the Cyber Security (Risk Assessment and Audit) Regulations 2024; and
(d) the Cyber Security (Licensing of Cyber Security Service Provider) Regulations 2024.
In addition to the Cyber Regulations, the Chief Executive has also confirmed that preliminary directives and guidelines are being refined, with the code of practice for each NCII sector to be drafted by their respective NCII sector leads once the Cyber Regulations are passed and the list of NCII is confirmed.
In tandem with efforts related to the Act and Cyber Regulations, the National Cyber Security Agency is, and has been, actively engaging in a comprehensive array of strategic initiatives to further strengthen the nation’s cyber security posture including:
- enhancing the National Cyber Coordination and Command Centre, a centre developed for cyber crisis management purposes including monitoring of cyber threats on Malaysia’s critical systems, to detect and respond to cyber threats with greater efficiency and effectiveness;
- developing the cybersecurity talent pool through comprehensive training and education programmes;
- creating a sustainable pipeline of cybersecurity experts who will contribute to national cybersecurity resilience through partnership with academic institutions and industry leaders;
- fostering deeper collaborations with industry stakeholders including those in the private sector; and
- developing several public-private partnership programmes to enhance information sharing, promote best practices and develop innovative cyber security solutions.
What’s Next?
As the future implementation of the Act will be significantly influenced by the Cyber Regulations, codes of practice, and guidelines issued by the authorities, stakeholders are advised to stay abreast of the upcoming developments to ensure that the necessary pre-emptive steps are taken in preparation for the coming into force of the Act. These include ensuring that the appropriate processes, structures, and personnel are put in place to achieve compliance.
It will also be interesting to see whether and how the cross-sector collaboration between the public and private sector will contribute towards the nation’s overall cyber security strategy – a trend that has been gaining global momentum in recent years.
The information provided is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.
