Cyber Security Act 2024:
Does it Apply to My Business?

Monday, 19 May 2025 |
2 mins read

Malaysia's Cyber Security Act 2024 (Act 854) has introduced new cybersecurity standards to the nation. While the Act focuses heavily on National Critical Information Infrastructure (NCII) sectors, non-NCII businesses shouldn’t breathe a sigh of relief just yet.

Even though the immediate impact might seem less severe, Act 854 signals a broader shift towards greater cybersecurity accountability across the board. This means that even if you're not in a critical sector like finance or energy, you still need to pay attention.

Here's Why

Expanding Scope

While the current focus is on NCII, the scope of the Act could expand in the future to include more sectors. Taking a "wait-and-see" approach to cybersecurity is a risky strategy and many companies get caught in a reactive cycle. Instead, take this time to carefully assess your environment and potential licensed partners to avoid panic.

Supply Chain Security

NCII entities are required to strengthen their cybersecurity posture, and this includes their supply chains. If you're part of an NCII entity's supply chain, you'll likely face increased scrutiny and need to demonstrate robust security practices. Being proactive now puts you ahead of the curve.

General Cybersecurity Practices

Act 854 promotes good cybersecurity hygiene across all sectors. This includes items like incident reporting, risk assessments, and employee training, which are beneficial for all businesses, regardless of their sector.

Reputational Risk

Cybersecurity incidents can damage any business's reputation. Losing customer trust is a major consequence of cyberattacks. Not only do businesses find it harder to win new customers, but they also struggle to keep their existing ones, as evidenced by the rising percentage of companies (20% in 2023 to 47% in 2024) reporting difficulties in customer acquisition. By adopting good practices now, you can mitigate this risk and demonstrate to your customers and partners that you take security seriously.

What to Look Out For

Stay Informed

Keep up to date with any changes or expansions to the Act.

Assess Your Cybersecurity Posture

Find out what needs the most protection by conducting a risk assessment to identify critical assets and vulnerabilities.

Develop a Strategy

Create a cybersecurity strategy that reflects your specific business needs and set up an appropriate security structure within the company.

Build a Roadmap

Create a practical plan to tackle security weaknesses and prioritise the most important improvements.

Prioritise Employee Training

Educate your employees on cybersecurity threats and best practices.

Develop an Incident Response Plan

Have a plan in place to deal with potential cyber incidents.

Partner with Cybersecurity Experts

Consider working with licensed cybersecurity providers for guidance and support.

Time dotCom: Your Partner in Cyber Security

The Cyber Security Act 2024 is a wake-up call for all Malaysian businesses. Strong cybersecurity isn't just about protection; it's a powerful brand differentiator. In a world where cyber threats are constantly evolving, demonstrating your commitment to security can elevate your brand and give you a competitive edge, ultimately safeguarding and even boosting your revenue. Even if you're not in an NCII sector, now is the time to take proactive steps to strengthen your cybersecurity posture.

Let's Talk

Schedule a consultation with our cybersecurity experts to discuss your specific needs.

TIME TO TALK
Back to Security

About Time

Our Company

Newsroom

Investor Relations

Career

Sustainability

Reference Access Offer

More From Time

Home Fibre

Time Business

Time Enterprise

Time Wholesale

Emit Solar

Time Charge N Go

Help

Live Chat

FAQ

FAQ

Application Status

Announcements

Follow Us

Download App

Copyright 2025 TIME dotCom Bhd 199601040939 (413292-P). All rights reserved.

Redress your complaints at the Consumer Forum Malaysia CFM www.cfm.my/complaint-channels