Cybersecurity is one of the most dynamic and fast-moving areas of technology. New exploits are developed daily, and organisations worldwide repel hundreds of attacks each week. Companies have also found themselves at risk of being caught up in supply chain attacks, a key reputational risk.

As governments embrace digital transformation, moving critical infrastructure and data into the cloud, the threat of destabilising attacks rises and in a volatile geopolitical climate, the potential for highly disruptive cyberattacks are at fever pitch.

Most countries understand the threat well and are increasing investments in their national security industry. Globally, by the end of 2024, the cyber industry, which includes software and hardware, is projected to grow to an estimated $200 billion, up about 12% from 2023 and almost double what its value was in 2019, when it was an estimated $116 billion.

This is according to latest analysis from market intelligence firm GlobalData, which projects investment will continue to ramp up over the next few years. GlobalData analysts anticipate the cyber industry to be worth $290 billion by 2027.

Managed services is already the largest single sub-segment of the worldwide cyber market, but there is a lot more growth to come for these services – those that are outsourced to an external vendor or supplier. Between 2022 and 2027, this segment is projected to grow at a 13% compound annual growth rate (CAGR), topping $100 billion in three years’ time.

This makes sense given that many businesses face a cybersecurity skills gap and AI-based threats are making this worse. Software giants like Oracle, Amazon, IBM and Microsoft have been busy upgrading their managed detection and response service offerings with new AI technologies capable of addressing a more complex threat environment.

But businesses are also increasingly investing in setting up and expanding their own cybersecurity operations centres to protect their customer data and build resilience into their operations in a new era of AI – and working out where to locate these operations can be a tricky business.

Malaysia as a future cyber hub

Asia–Pacific (APAC) has been ahead of the curve in digital adoption over the past few years, focusing on developing a cyber ecosystem to secure a successful future. GlobalData figures suggest that by the end of 2024, the region will have almost doubled the size of its cybersecurity industry from 2019. By 2027, GlobalData analysis projects the market for cyber-oriented hardware, software and services in APAC to reach $98 billion by 2027.

Outside the region’s tech titans (China, Japan and India) Malaysia is starting to gain international recognition as an emerging cyber hub. The cyber industry in the South East Asian (SEA) country, which has been on a mission to digitise its economy since 1996 when the government first set up The Multimedia Super Corridor, is expected to be worth $1 billion at the end of the year, double its 2019 value, GlobalData projects.

By 2027, GlobalData expects Malaysia’s cyber market to grow to $1.7 billion.

Raymond Siva, head of the digital investment office at Malaysia Digital Economy Corporation (MDEC), the government agency created to accelerate Malaysia’s digital economy roadmap, says the focus will be on catalytic partnerships and strategic investments that will contribute to upskilling their workforce, and attract R&D opportunities and startups to scale transformative technology in the country.

“Cybersecurity is a critical growth segment for us in Malaysia. It is a vital enabler of our digital growth plans and we have policies and incentives in place that position Malaysia as a compelling location for cyber companies looking to access dynamic remote talent across the SEA region. As 5G and AI take centre stage, efforts are underway in our country to align regulations with the challenges and opportunities these technologies bring.”

MYR 60 million (US $12.72 billion) has been allocated in Budget 2024 to CyberSecurity Malaysia for developing a 5G Cyber Security Testing Framework and promoting local 5G expertise to manage cyber vulnerabilities during the transformation.

Underpinning Malaysia’s commitment to become a regional cyber hub and a secure environment for investors is the passing of its Cyber Security Bill 2024 in the national parliament. This brings the country’s legal framework on addressing cybersecurity in line with Singapore and the US. At a high level, it requires national critical information infrastructure (NCII) entities to comply with certain measures, standards and processes in the management of cyber security threats and events. In addition, Malaysia’s Personal Data Protection Act is projected to be tabled in parliament in the second half of 2024, potentially incorporating provisions such as mandatory breach notification, data protection officer requirements and a revamp of cross-border data transfer policies.

A law specifically governing AI is also being considered, which would provide a legal dimension to Malaysia’s National Artificial Intelligence Roadmap 2021-2025. The roadmap, an example of Malaysia’s forward-thinking approach to economic development, was introduced as a strategic commitment to responsible and secure AI development so as to harness the potential of AI innovation to drive growth.

Creating a high-tech workforce

To make sure that these laws can work as they should, Malaysia, like many countries, must close the skills gap in its workforce and add an estimated 13,000 trained professionals to its economy.

Worldwide, there is a shortfall of an estimated four million in the cyber workforce and there have been a number of different schemes in countries like the UK and Canada over the past 12-18 months to rapidly upskill career changers, high school leavers and cohorts outside the realms of degree students to solve this problem.

In Malaysia, a landmark deal between the government and Blackberry has paved the way for the innovator Canadian software firm to open a cybersecurity centre of excellence in Kuala Lumpur which will offer a suite of internationally recognised accelerated cyber training and coaching – unique in the region. The centre, which will offer highly-specialised courses delivered by the SANS Institute, Toronto’s Rogers Cybersecure Catalyst and other internationally recognised certification partners is a major step in Malaysia’s ambitions to become recognised as a future cyber leader.

The initiative builds on Mastercard’s announcement last year that it is partnering with Universiti Teknologi Malaysia (UTM) to offer practical and industry-relevant cybersecurity training aimed at mid-career changers.

Siva says these strategic public-private partnerships will support Malaysia in attracting cyber foreign direct investment (FDI), company SOCs and international cyber SaaS businesses in the coming years. “Our digital economy is approaching 25% of gross domestic product (GDP) and we are actively driving a complete transition of Malaysia’s national economy to unlock the vast potential of digitilisation. That means for the cyber industry, the market potential here is huge.”

Explore Malaysia’s digital industrial strategy and how it is becoming the digital heartland of South East Asia in this free report. Download here.