MCMC said the Guidelines on Information and Network Security for the Communications and Multimedia Industry (INSG) serve as a best-practices framework and are not mandatory at this point.

“It (INSG) is applicable to all service providers under the Communications and Multimedia Act 1998. However, other industries can also adopt the INSG as part of their cyber security measures if deemed necessary,” MCMC said in a statement today.

It encouraged the industry to try putting these best practices into operation as part of their proactive measures to strengthen cybersecurity across the industry.

“This approach allows service providers sufficient time to adapt to the INSG and provide feedback for improvement.

“The INSG is not about adding extra regulations. Instead, it aims to enhance the capability and readiness of service providers to manage cyber risks, mitigate data breaches, minimise disruptions through strengthened network infrastructure, and protect consumers from online harms,” it said.

MCMC also said that in developing the guidelines, it actively engaged with stakeholders, including cybersecurity firms, security consultants, licensees, data centres and cloud service providers, ministries, government agencies, regulators, NGOs, academia and forums affiliated with the commission.

“The feedback, suggestions and insights provided were carefully evaluated and, where appropriate, incorporated into the INSG.

“This inclusive and transparent approach underscores MCMC’s commitment to address the diverse needs and concerns of stakeholders while ensuring adherence to best practices in cybersecurity management,” it said.

MCMC said the INSG is a pivotal step in safeguarding Malaysia’s digital ecosystem, ensuring secure and resilient network infrastructure for all.

The guidelines highlight MCMC’s ongoing efforts to address the challenges of an increasingly complex cyber landscape while fostering trust and safety in the nation’s digital environment, it said.