MALAYSIA Scorecard

Malaysia is one of the more structured and prepared ASEAN states on paper: it has a National Cyber Security Policy, a Malaysia Cyber Security Strategy 2020–2024, and a dedicated national cyber agency (NACSA) plus CyberSecurity Malaysia as the specialist arm.

Execution and readiness are not perfect, but the country clearly sits in the upper tier of regional cyber maturity.

​

• Malaysia Cyber Security Strategy 2020–2024 (MCSS) with 5 pillars (governance, laws, capacity, innovation, and international cooperation).

• NACSA as national lead agency for cyber security policy and coordination.

• CyberSecurity Malaysia as national specialist agency providing incident response (Cyber999), forensics, training, and outreach.

• New Cyber Security Act (2024/2025) framework emerging for CI protection and licensing of providers.

Malaysia has a large, rapidly modernizing digital economy with strong cloud, fintech, and AI investments, which significantly widens its attack surface.

​

• Cisco and PwC note complex threat landscape across cloud, supply chain, identity, and OT/IoT.

• Major global cloud & AI investments (Amazon, Google, Microsoft) and a new national AI office centralizing policy and regulation.

• Heavy digitization of banking, payments, and e-commerce to broad exposure.

Malaysia is a strategic regional economy with South China Sea interests and major digital infrastructure investments, but it is not as geopolitically “hot” as the Philippines or Vietnam in direct military terms. Its cyber risk is more economic and crime-focused than frontline geopolitical.

​

• Important trade, energy, and tech hub in SEA; key to regional digital corridors.

• Has SCS claims and regional security interests, but with a more balanced, diplomatic posture than PH/VN.

• Attractive for economic/industrial espionage given large data centers and cloud deployments.

Malaysia faces intense cyber threat activity: high phishing rates, data breaches, ransomware, and a large and rising volume of online fraud incidents.

​

• 34,495 online fraud cases recorded in 2023—almost double 2019 figures.

• 35,368 online fraud cases in 2024; losses of RM1.57 billion (up 84% vs 2022).

• NACSA issued alerts for heightened attacks on Malaysian infrastructure, including web defacements, document theft, and network intrusions.

Law enforcement and regulators are actively fighting online fraud, launching guidelines, awareness campaigns, and tighter controls—but the volume of scams and losses shows that capacity and response are still under strain.

​

• Bank Negara Malaysia (BNM) reports online fraud trends and pushes strong anti-scam controls; malware/phishing-related unauthorized transactions dropped 52% in 2024 due to interventions.

• Ministry of Digital highlights 12,110 online scam cases in just the first 3 months of 2025 and launches AI training/guidelines to combat them.

• Police stats show 35,368 online fraud cases in 2024 with RM1.57b losses.

• Capability is real and evolving, but the scale of fraud still outpaces enforcement.

Malaysia is heavily hit by online scams and fraud, with a high percentage of the population encountering scams monthly and rapidly rising financial losses. It is more a large-scale victim and conduit than a core scam-compound host, but sits in the same regional crime ecosystem.

​

• 74% of Malaysians report encountering scams monthly; 43% say scam activity increased over the past year.

• Online crime cases rose to 34,532 in 2023; e-commerce, telecom fraud, bogus investments, and fake loans dominate.

• Losses from online fraud hit RM1.57 billion in 2024, up 84% from 2022.

• Malaysia is deeply entangled in regional scam networks (e.g., victims, mule accounts, cross-border fund flows), even if the worst physical scam compounds are more associated with Cambodia/Myanmar.