Cybersecurity readiness in Malaysia remains critically low, with just 3% of organizations achieving the ‘Mature’ level required to fend off modern cyber threats, according to the Cisco 2025 Cybersecurity Readiness Index.
While this reflects a marginal increase from 2% the previous year, it highlights a worrying trend—most Malaysian organizations remain underprepared in the face of escalating cyber risks, especially those driven by artificial intelligence (AI).
The findings come from a global survey of 8,000 business and security leaders, including Malaysian participants, and assess readiness across five pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification.
AI: Both a Tool and a Threat
AI is increasingly central to cybersecurity strategies, but it also introduces new layers of complexity. A staggering 93% of organizations in Malaysia experienced AI-related security incidents in the past year.
Even more concerning is the lack of awareness among employees—only 51% of companies believe their workforce fully understands AI-related threats, and just 49% are confident their teams know how cybercriminals are leveraging AI.
This gap in understanding makes organizations highly vulnerable. Although AI is being used for threat detection (83%) and response and recovery (69%), the lack of knowledge about how AI can be manipulated is a serious blind spot.
Shadow AI: The Hidden Cybersecurity Risk
The rise of “Shadow AI”—the use of unauthorized AI tools—presents another massive challenge. About 67% of companies in Malaysia admit they are not confident in detecting unregulated AI deployments.
Furthermore, 25% of employees reportedly have unrestricted access to public GenAI tools, while 61% of IT departments remain unaware of how employees are using these tools.
This lack of oversight could lead to data breaches, privacy violations, and unintended exposure of sensitive company information.
Unmanaged Devices and Hybrid Work: A Risky Combo
The hybrid work model, though increasingly standard, has also widened the threat surface. 87% of organizations in Malaysia report increased security risks due to employees accessing corporate networks through unmanaged devices.
When combined with the use of unapproved AI tools, the risks escalate significantly.
Investment and Infrastructure: Falling Short
While 96% of organizations plan to upgrade their IT infrastructure, only 44% allocate more than 10% of their IT budget to cybersecurity—a 14% drop from the previous year.
This misalignment is concerning, especially when 83% of companies cite complex and fragmented security systems as a major hurdle in responding to threats effectively.
Most companies currently juggle more than 10 different security solutions, which not only complicates operations but also slows down response times in the event of a breach.
Talent Shortage: A Growing Concern
The report also highlights a serious shortage of skilled cybersecurity professionals, with 90% of organizations struggling to fill roles, and nearly half reporting over 10 vacancies.
This talent gap further weakens the ability to develop and maintain a robust security posture.
The Way Forward: Simplification and AI Awareness
To combat this growing crisis, organizations must rethink their security strategies. According to Cisco, key priorities should include:
- Investing in AI-powered cybersecurity solutions
- Simplifying security infrastructure to enable faster, more cohesive responses
- Training employees on AI risks and threat detection
- Managing access to GenAI tools to avoid data leakage
- Addressing the cybersecurity talent gap with upskilling and recruitment efforts
As Tay Bee Kheng, President of Cisco ASEAN, aptly puts it:
“AI opens up new possibilities but also adds complexity to an already challenging security landscape… Organizations must not only leverage AI for defense but also ensure AI itself is secure and scalable.”
With cyberattacks becoming more frequent and complex, the time to act is now. Organizations in Malaysia must increase investments, boost awareness, and simplify their systems to survive the next wave of AI-driven threats. Failure to do so could leave them exposed and unprepared for the challenges ahead.
Keywords:
- Malaysia cybersecurity 2025
- Cisco Cybersecurity Readiness Index
- AI security threats
- shadow AI Malaysia
- cybersecurity talent shortage
- GenAI risks
- AI in cybersecurity
- unmanaged device risks
- cybersecurity investment Malaysia
