
“It’s like bringing a knife to a gunfight,” the host of the cybersecurity podcast CybersecurityLah told FMT Business.
In 2022, there were 25,000 instances of cybercrimes with damage amounting to RM850 million, a 51.8% increase from the RM560 million recorded a year earlier.
In the five years to 2022, Malaysian businesses lost an estimated RM2.85 billion to fraud, malware infections, phishing and other cyberattacks.
And that does not include damage to brand reputation and image.
Yet, the government allocated a measly RM10 million under Budget 2023 to fight cybercrimes.
Does the government get it?
The money is to go to the National Scam Response Centre (NSRC). Apart from that, the government has introduced a kill-switch policy for all banks.
However, Suresh believes this is highly inadequate. “In most scams, it is the victim who authorises the transaction, so the kill-switch does not activate,” he said.
He said the lack of transparency on the part of the personal data protection department (JPDP) was problematic.
He cited the Nuemera leak as an example of a major security failure that did not see the light of day. “The government does not seem to be transparent in such matters,” he said.
According to an Aug 29, 2022 FMT report, the police were investigating new evidence linked to the data leak five years earlier that involved 46 million Malaysian mobile numbers.
The new evidence reportedly revolved around the use of a highly secure laptop at the Malaysian Communications and Multimedia Commission premises to gain access to the data of all Malaysian mobile numbers.
Suresh said the lack of transparency also meant that a person would not be aware that his data had been leaked. “This will only invite more such scams,” he said.
He also said the government was not subject to the Personal Data Protection Act (PDPA). “It should be the rule, not the exception,” he said.
As a result, he said, the data leaks at MySejahtera and the international trade and industry ministry continued “without much fuss”.
It’s not all doom and gloom
Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, told FMT Business the decision to provide cybersecurity training to 1,250 military veterans and others in the government was a step in the right direction.
He also commended the communications and digital ministry for its decision to enable an audit of cybersecurity capabilities at the federal and state government levels.
Kaspersky managing director Chris Connell and Cyber Security Malaysia CEO Amiruddin Abdul Wahab agreed that the kill-switch and the RM10 million investment in the NSRC were good moves.
However, Connell pointed out that businesses should also allocate resources to ensure cybersecurity.
“Today, most employees still lack basic training in cybersecurity. Most data breaches are caused by human error rather than cybercriminals using brute force to get through cyber defences,” he told FMT Business.
Contrasting views on government efforts
Amiruddin said the government should not be blamed for a lack of effort.
“The NSRC, JPDP and the National Cyber Security Agency are already working to safeguard our data,” he said.
While many bodies and organisations under the government’s purview claim they have a robust cybersecurity system, experts say there remains a lot to be done.
Amiruddin said some inconsistencies remained. “For instance, users are not required to notify the authorities when there is a breach,” he said.
“That means there is a gap between the actual number of breaches and those reported.”
He said organisations were reluctant to report cyber incidents because of the lack of prosecution.
“They may also be afraid that if such incidents are made public it will ruin their reputation and image,” he said.