Digital Economic Powerhouse of Southeast Asia
The digital future is now. The digital economy of Southeast Asia is poised to reach USD$1 trillion in Gross Merchandise Value (GMV) by 2030 (Bain, 2021). The region has more than 440 million internet users and more than 80% of them are digital consumers (i.e. purchased at least one service). The digital economy is expected to contribute to 22.6% of Malaysia’s GDP and create over 500,000 jobs by 2025 (EPU, 2021).
Malaysia’s Vulnerability to Cyberattacks
However, the rise of digitalisation has been accompanied by increased cyberattacks. Despite being ranked top 10 in the United Nations International Telecommunication Union (ITU)’s Global Cybersecurity Index (2020), Malaysia is very vulnerable to cyberattacks. Some of the recent cases illustrate this point:
Malaysia’s aspiration to become a leader in the digital economy within the region can be derailed by the spectre of cyberattacks. According to a 2018 study by Frost Sullivan and Microsoft (2018), Malaysia could potentially lose up to RM51 billion or more than 4% of our GDP due to cybersecurity incidents.
Techlash and The Need for Digital Trust
The public backlash against technology or ‘techlash’ poses challenges for governments and businesses alike. The public is increasingly suspicious of technology including misinformation, privacy and 5G networks (WEF, 2021). Cybersecurity is important to set the foundation for governments and businesses to operate in a safe and secure digital environment. A 2018 PwC survey on digital trust succinctly put it: “If the lifeblood of the digital economy is data, its heart is digital trust”.
ISSUES AND RECOMMENDATIONS
KSI Strategic Institute for Asia Pacific and Huawei Malaysia collaborated on a webinar to discuss the issues pertaining to cybersecurity on 7th April 2022. Based on the webinar, the brief outlines the specific issues and recommendations.
1. No specific cybersecurity laws
Apart from the Personal Data Protection Act (PDPA), Malaysia does not have a specific law addressing cybersecurity-related offences. Enforcement agencies including National Cyber Security Agency (NACSA) have to rely on existing legislation (e.g. Communications and Multimedia Act 1998, Computer Crimes Act 1997 and Defamation Act 1957) to address cyberthreats (NACSA, 2021). These laws are inadequate due to the evolving nature of cyberspace.
Recommendation: Introduce cybersecurity law to specifically deal with cybersecurity-related matters. Review the PDPA based on personal data legislation from other countries (e.g. EU’s General Data Protection Regulation (GDPR), China’s Personal Information Protection Law, New Zealand’s Privacy Act 2020).
2. Low digital literacy
Malaysia’s internet penetration is close to 90% (Statista, 2022) and access to smartphones is extremely high. However, according to ITU (2021), only 60% of Malaysians have standard ICT skills (e.g. using emails). This explains the vulnerability of individuals and businesses to cyberattacks, particularly fraud. Digital literacy must address the quality of digital education, urban-rural divide and stay apace with the evolving nature of technology.
Recommendation: Review existing digital literacy initiatives (e.g. MDEC’s #SayaDigital, PDRM’s #TakNakScam) to include and emphasise on cybersecurity.
3. Lack of multilateral and regional technical cooperation
The ASEAN Digital Ministers’ Meeting (ADGMIN) launched the ASEAN Cybersecurity Cooperation Strategy 2021-2025 in January 2022 as an update to the previous strategy in enhancing cooperation in cybersecurity (ASEAN, 2022). Capacity-building programmes under the strategy include ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) and ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE). However, these physical centres are confined to Bangkok, Thailand and Singapore respectively, limiting their impact to Malaysia.
Recommendation: Enhance existing initiatives, specifically Malaysia’s 5G Cyber Security Test Lab into a centre of excellence with support from regional partners (e.g. ASEAN, China). Consider a Memorandum of Understanding between Malaysia, ASEAN and China on cybersecurity cooperation, specifically on cybersecurity skills, sharing of best practices, capacity building and industry-academic collaboration.
 Cyberattack has a broad definition. A working definition by NIST Computer Security Resource Center: “An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.”
 ITU defines cybersecurity as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.”