Talent & Tech Asia Summit 2024
Are employers in Malaysia prepared in their cybersecurity?

Are employers in Malaysia prepared in their cybersecurity?

While there is broad consensus that hybrid working is here to stay, its long-term success hinges greatly on organisations’ ability to safeguard themselves.

Cybersecurity requirements have evolved as the business landscape has been spun on its head, especially in a post-COVID world. Organisations have moved from operating on a largely static model – where people operated from single devices from one location, connecting to a static network – to a hybrid world, being increasingly operated from multiple devices in multiple locations, connecting to multiple networks.

While there is broad consensus that the move to hybrid is here to stay, its long-term success hinges greatly on organisations’ ability to safeguard themselves against new and rapidly evolving threats.

Set against this backdrop, Cisco has developed the Cisco Cybersecurity Readiness Index to understand how prepared organisations are to meet modern security challenges. The index is based on their preparedness across five key pillars, and the state of deployment of 19 security solutions within those.

The five key pillars are:

  1. Identity
  2. Devices
  3. Network
  4. Application workloads
  5. Data

Malaysia vs. the world's cybersecurity readiness gap

Per the study, only 15% of organisations globally are deemed to have a mature level of preparedness to handle security risks in a hybrid world. Still, Malaysian organisations were noted to fare better than the global average, with 16% in the mature stage of readiness.

Generally, companies do recognise the reality of the threat, with 95% of security leaders in Malaysia believing cybersecurity incidents are likely to disrupt their businesses over the next 12 to 24 months. This compares to a global number of 82% who feel the same.

Further, these beliefs seem to be grounded in reality — 55% of respondents in Malaysia said they had experienced some kind of cybersecurity incident in the last 12 months, compared to 57% globally. The incidents cost 35% of Malaysian organisations affected at least US$500,000 or more, compared to 41% globally who had similar costs.

Closing the readiness gap 

The good news is that security leaders are aware of the risks and are keen to invest in their cybersecurity readiness: 91% of Malaysian organisations surveyed have plans to increase their cybersecurity budget by at least 10% over the next 12 months, compared to 86% globally. 

However, as the study cautions, companies do need to think about security differently when deploying their budget. With threats everywhere, stand-alone security strategies are no longer effective; they focus too much on threat prevention, create siloes that can be exploited, and don’t account for the full business impact.

What organisations need instead, is security resilience, where security is foundational to business strategy and is collectively prioritised throughout the organisation, allowing companies to better anticipate threats and bounce back faster when a threat becomes real. 

For business leaders to build secure and resilient organisations, they must establish a baseline of how ‘ready’ they are across the five major security pillars. 


A quarter (24%) of all respondents ranked identity management as the number one risk for cyberattacks. Off the back of this, it is no surprise that 95% of respondents have also implemented some kind of identity management solution, with integrated identity and access management proving most popular — two-thirds indicated that they have deployed such solutions.

Despite so, there is still significant progress to be made to meet the challenge of identity verification. Currently, only one in five organisations (20%) fall into the mature category, with a similar number (22%) in the progressive segment. Of the remaining, close to two in three organisations fall into the formative (38%) or beginner (20%) category.

In Malaysia specifically, 23% of organisations are at the mature stage of readiness, 25% are at the progressive stage, 36% are formative, and 16% are beginners.


With the number of devices connecting to a company network growing exponentially in recent years, the level of readiness to tackle the cybersecurity risks on this front seems to be varied. On a more positive note, 31% of companies globally are in the mature category, the highest of any pillar. A further 13% were in the progressive stage. However, more than half (56%) of companies are still either at the very start of their journey, or only a short way down the path.

In Malaysia, 30% of organisations are at the mature stage of readiness, 14% are at the progressive stage, 27% are formative, and 29% are beginners.


A hybrid working environment calls for flexibility. Beyond the number and type of devices that employees use, flexibility also includes where they log in from, and where the data they need to access is stored and processed. That makes the role of the network even more important, and the need to safeguard it even more critical.

Despite recognising this, organisations seemed to be lagging behind in their preparations to tackle the cybersecurity risks on this front. Over half of the companies globally (56%) are either in the formative or beginner categories, and only 19% sit in the mature category.

In Malaysia, 22% of organisations are at the mature stage of readiness, 21% are at the progressive stage, 49% are formative, and 8% are beginners.

Application workloads

The widespread adoption of applications across businesses, and their importance to customer experience, has added another layer of cybersecurity complexity. Malicious actors may look at applications as a way to infiltrate a company’s IT infrastructure.

While companies globally have adopted tools and capabilities to safeguard themselves, the scale of deployment clearly has not kept pace with the speed at which applications have grown. Per the study, the majority of companies (65%) globally are in the formative or beginner stage, and only about 12% are in the mature stage, the smallest number across the five areas assessed.

In Malaysia, 15% of organisations are at the mature stage of readiness, 29% are at the progressive stage, 44% are formative, and 12% are beginners.


Often labelled as the "new currency", it is critical for companies to safeguard all forms of data in their ecosystem. 

With the widespread critical nature of data protection, it is no surprise that the mature and progressive categories account for half (50%) of the respondents, a significantly higher proportion than noted for a pillar such as device protection readiness. However, there is still work to be done — 22% of companies are still in the beginner stage,  the second highest number in this stage across the five key areas.

In Malaysia, 24% of organisations are at the mature stage of readiness, 19% are at the progressive stage, 30% are formative, and 27% are beginners.

Lead image / Cisco Cybersecurity Readiness Index (provided)

Follow us on Telegram and on Instagram @humanresourcesonline for all the latest HR and manpower news from around the region!

Free newsletter

Get the daily lowdown on Asia's top Human Resources stories.

We break down the big and messy topics of the day so you're updated on the most important developments in Asia's Human Resources development – for free.

subscribe now open in new window