Cyber Insurance in the Context of Malaysia’s Cyber Security Strategy 2020–2024

Malaysia’s increasing reliance on digital technologies has fundamentally changed the national risk landscape. As highlighted in the Malaysia Cyber Security Strategy 2020–2024 (MCSS), cyberspace now underpins economic activity, public services, national security, and societal well-being.

With this growing dependency comes an equally expanding exposure to cyber threats — ranging from financially motivated cybercrime to sophisticated, state-sponsored attacks. The Strategy recognises cyber security as a national priority, requiring coordinated action across governance, legislation, technology, and human capability.

Within this environment, cyber insurance plays a complementary role in supporting cyber resilience.

Cyber Risk as a Persistent and Systemic Threat

The Strategy makes clear that cyber threats are persistent, borderless, and evolving. Malaysia has experienced a steady rise in reported cybercrime cases and cybersecurity incidents, with substantial financial losses recorded annually.

Importantly, cyber incidents are no longer limited to data theft or system disruptions. They now include:

  • Business interruption caused by system outages
  • Financial losses arising from fraud and extortion
  • Legal and regulatory exposure
  • Reputational damage affecting public trust

The Strategy explicitly acknowledges that cyber threats can never be fully eradicated as long as systems remain interconnected — they can only be managed and mitigated.

Cyber Resilience: Beyond Technology Alone

A central theme of the MCSS is that cyber resilience does not rely solely on technology. The Strategy emphasises the interdependence of people, processes, and technology in managing cyber risks effectively.

Despite investments in security controls, vulnerabilities continue to arise due to:

  • Human error and lack of awareness
  • Insider threats
  • Legacy and unsupported systems
  • Supply-chain and third-party exposures

As noted in the Strategy, even well-designed systems remain exposed if governance, compliance, and operational discipline are lacking.

The Role of Cyber Insurance in a National Cyber Framework

While the Malaysia Cyber Security Strategy focuses primarily on prevention, governance, and response capabilities, it implicitly recognises that risk cannot be eliminated entirely.

Cyber insurance fits into this framework as a financial risk-transfer mechanism, designed to support recovery when preventive and detective measures are overwhelmed.

In the context of the Strategy, cyber insurance aligns with:

  • The need for business and operational continuity
  • Managing the economic impact of cyber incidents
  • Supporting recovery costs associated with investigations, legal actions, and crisis management

This reflects the Strategy’s broader objective of fostering a secure, trusted, and resilient cyberspace while sustaining economic stability and confidence in digital systems.

Governance, Accountability, and Insurability

The Strategy places strong emphasis on governance, compliance, and adherence to recognised standards such as information security management systems and regulatory frameworks.

This has direct relevance to cyber insurance, as insurability is closely tied to:

  • Demonstrable cyber governance
  • Documented policies and procedures
  • Compliance with applicable laws and standards
  • Evidence of reasonable cyber security practices

From a risk perspective, cyber insurance does not replace cyber security controls; rather, it operates on the assumption that baseline governance and controls exist.

Cyber Insurance as Part of a Layered Defence Strategy

The MCSS consistently reinforces that cyber security requires shared responsibility and multi-layered defences, combining prevention, detection, response, and recovery.

Within this layered approach:

  • Technology mitigates technical vulnerabilities
  • Governance and legislation define accountability
  • Awareness and education reduce human-related risks
  • Cyber insurance addresses residual financial exposure

This positioning places cyber insurance as a supporting pillar in national cyber resilience, rather than a standalone solution.

Conclusion: Financial Resilience in an Inevitable Risk Landscape

The Malaysia Cyber Security Strategy 2020–2024 acknowledges a fundamental reality:
cyber threats are unavoidable, but their impact can be managed.

In this context, cyber insurance serves as a mechanism to absorb financial shocks arising from cyber incidents, complementing the Strategy’s focus on governance, capability building, and technological safeguards.

As Malaysia continues its digital transformation, the integration of cyber insurance into broader cyber risk management frameworks supports the Strategy’s vision of a cyberspace that is secure, trusted, and resilient.

Speak to Minaris Risk Management

If you are reviewing your Professional Indemnity Insurance or Top-Up PII limits, our specialist team is ready to assist.