Malaysian organisations are grappling with a significant uptick in cyberattacks, increasingly driven by artificial intelligence (AI). The sophistication of these attacks, which range from data harvesting to automated exploitation, is evolving rapidly, posing a serious threat to national cybersecurity. In the fourth quarter of 2024, Malaysia recorded a staggering 78% increase in ransomware incidents, underscoring the pressing need for robust cyber preparedness across the country.
The global cost of cybercrime is currently estimated at over $7 trillion and is expected to rise steadily, indicating that cyber threats remain a major concern for Malaysian businesses. In March of last year, Prime Minister Datuk Seri Anwar Ibrahim disclosed that the digital systems of Malaysia Airports Holdings Bhd were compromised by hackers demanding a ransom of $10 million (RM44.39 million), resulting in several days of operational disruption.
Cloudflare’s latest Signals Report illustrates the escalating cyber threat landscape, revealing that the company thwarted over 20.9 million Distributed Denial of Service (DDoS) attacks last year, a 50% increase from the previous year. As ransomware and AI-driven cyber threats continue to dominate the security landscape, stakeholders must recognize that the risk environment in 2025 is more complex than ever.
The rise in remote work and cloud adoption has expanded the attack surface for insider threats, complicating detection efforts. Malicious actors are increasingly leveraging AI for credential stuffing and orchestrating DDoS attacks, automating their methods to evade detection and exploit vulnerabilities faster than organisations can respond. Currently, 94% of login attempts using stolen credentials are executed by bots, which can test thousands of passwords in seconds.
The use of generative AI allows cybercriminals to create hyper-realistic identities by blending real and fabricated data, complicating traditional verification processes. AI-generated personal information, deepfakes, and automated credential stuffing make these identities increasingly difficult to identify. As such, defending against AI-driven threats necessitates the integration of AI into security measures. Companies must adopt AI-enhanced threat detection systems and automated defenses to stay ahead of evolving threats.
New Challenges on the Horizon
Beyond AI-driven attacks, organisations are also facing new challenges such as “Shadow AI,” supply chain vulnerabilities, and geopolitical threats. Employees are adopting generative AI tools faster than security teams can manage, creating gaps that circumvent traditional governance and compliance. Geopolitical tensions are spilling into cyberspace, with numerous organisations underestimating the impact of state-sponsored cyber threats.
The uneven adoption of post-quantum cryptography compounds these challenges. Despite a rise from 3% to 38% in HTTPS traffic secured with quantum-safe encryption in March 2025 compared to a year prior, enterprise readiness remains lacking. With quantum computing poised to disrupt traditional encryption, there is an urgent need for leaders to accelerate the adoption of post-quantum cryptography to safeguard long-term data integrity.
Supply chains represent one of the most vulnerable areas in cybersecurity. Many enterprises rely on numerous third-party vendors, meaning a single compromised supplier can open the door to attackers. According to the World Economic Forum, 54% of large companies consider third-party risk management their top challenge in achieving cyber resilience. In this context, adopting a Zero Trust framework has become essential.
Static passwords and basic multi-factor authentication (MFA) are no longer adequate in an environment rife with phishing and session hijacking threats. Enterprises must transition to comprehensive Zero Trust architectures that incorporate password-less authentication and continuous, risk-based access controls. While 86% of organisations are investing or planning to invest in Zero Trust solutions, only about a third have fully deployed such frameworks, revealing a significant execution gap.
To address these challenges, organisations must evolve their Zero Trust strategies into unified systems encompassing identity, data, and traffic policies across all environments. Many industry leaders are already transitioning toward platforms that are resilient by design, offer global coverage, and provide real-time visibility, enabling both risk reduction and operational agility.
As Malaysia prepares to launch its National Cybersecurity Strategy for 2025–2030, which aims to bolster national resilience against cyber threats, compliance with regulatory standards is paramount. Cloudflare’s study indicates that 40% of Malaysian organisations are dedicating over 5% of their IT budgets to meet regulatory requirements, with 51% spending more than 10% of their work weeks on compliance efforts.
Originally established as the Malaysian Cyber Security Act 2024, this strategy will also guide the joint ASEAN Cybersecurity Collaboration Strategy for 2026-2030, involving ten member states. Companies failing to comply with existing cybersecurity frameworks risk facing fines of up to RM500,000. However, the stakes go beyond legal penalties; robust cybersecurity practices are essential for maintaining trust, reputation, and long-term resilience in a landscape where the costs of inaction continue to rise.
In an era marked by AI-fueled attacks and increasing regulatory demands, cybersecurity can no longer be reactive or an afterthought. Organisations must act decisively to adopt AI-enabled defenses, secure their supply chains, accelerate post-quantum readiness, and implement unified Zero Trust frameworks across their ecosystems.
See also
AI Security Shifts: Akshay Garkel on Protecting Data Amid Growing Threats
Moody’s Predicts Surge in AI Cyber Threats and Regulatory Challenges by 2026
African Firms Lag in AI Cyber Defense as 82% Struggle to Hire Talent, Report Finds
Physical Intrusion Detection Market to Reach $24.6B by 2033, Driven by AI Innovations
AI Agent Security Emerges as Critical Cyber Defense Frontier to Combat Evolving Threats
