PETALING JAYA: Cybersecurity experts are calling for stricter security measures and frameworks to address the rising incidents of data leaks.

According to cybersecurity and artificial intelligence (AI) expert Assoc Prof Dr Selvakumar Manickam, the 1,192% increase in data breaches in Malaysia is not surprising, as many government agencies, private companies, and organisations lack the awareness, resources, and expertise to implement adequate cybersecurity measures.

ALSO READ: Nacsa: Safeguard entities under NCII

“Malaysia is rapidly digitising, with more businesses and individuals relying on online services and cloud computing.

“More and more systems are being deployed, and in most cases, security and privacy are not part of the design, resulting in a large number of easily penetrable systems. This simply increases the attack surface,” he said when contacted yesterday.

On Oct 17, it was reported that data breaches had surged in recent years, with 646 cases in 2023, a 1,192% jump from just 50 in 2022.

Digital Minister Gobind Singh Deo said the ministry recorded 427 data breach reports as of September this year.

Selvakumar said many organisations still rely on outdated IT systems and software with known vulnerabilities that attackers can easily exploit.

“These systems become a playground for the growing number of hackers worldwide, especially young individuals eager to break into systems and perform data breaches and other attacks for the glory of it,” he said.

“Experienced hackers delve deep into the digital ecosystem to steal valuable data and, in some cases, hold the government to ransom by threatening to disrupt critical national information infrastructure.

“In most cases, the motivation is financial gain. Cryptocurrency has become a conduit for cybercriminals, providing anonymity and untraceability in claiming ransoms,” he said.

According to him, data breaches are the most common threat in Malaysia.

“However, some incidents could actually be data leaks,” he added.

A data breach is an intentional, unauthorised intrusion into a system to access, steal, or manipulate sensitive data, while a data leak is an accidental or unintentional exposure of sensitive data, often due to inadequate security measures or human error.

“It is difficult to categorise the incidents in Malaysia due to a lack of information,” said Selvakumar.

He added that the two major types of data that were commonly breached were personal data – such as full names, MyKad numbers, addresses, phone numbers, e-mail addresses and even salary figures – and financial data, which includes credit card details, bank account numbers, and online transaction records.

“Personal information is highly valuable to cybercriminals as it can be used for identity theft, phishing scams, and other malicious activities,” he said.

Siraj Jalil, president of the Malaysia Cyber Consumer Association, said the recent surge in data breaches highlighted the urgent need for the country to fortify its cybersecurity stance.

“This escalation in cyberthreats affects not only personal data but also national security and public trust.

“To counter these challenges, we must implement a multilayered cybersecurity framework that combines real-time monitoring, AI-driven threat analysis, and strong public-private partnerships,” he said.

He added that transparency and accessibility in these frameworks were crucial to ensure that all stakeholders, from the government to the private sector, are aware of their roles and committed to collective responsibility.