Enhancing Technology and Cyber Resilience

The digital revolution has ushered in a new era marked by connectivity, convenience, and innovation. Consequently, an increasing number of capital market entities have harnessed these technologies to conduct their business. However, with the rapid adoption of technology, particularly in the capital market industry, the landscape is not without its challenges. Technology and cyber risks and threats are becoming more prevalent. To strengthen technology and cyber resilience, the SC has embraced a comprehensive four-pronged approach: (1) cyber threat intelligence and awareness; (2) capability development; (3) policies and guidelines; and (4) audit inspection.

  • Cyber Threat Intelligence and Awareness
    In today’s digital landscape, where cyber threats continue to escalate in sophistication and scale, it is imperative for organisations to adapt and fortify their defences. A lack of capabilities in managing cyber threats could leave organisations vulnerable and exposed to cyber predators who attack for their own advantage. As technology evolves, so do the tactics employed by cyber predators, making it crucial for businesses to stay ahead in the cybersecurity game.

    Recognising this pressing need, the SC takes a proactive approach by publishing its Cyber Threat Intelligence and Awareness (CTIA) analysis bi-annually to share observations on the evolving cyber risk landscape within the Malaysian capital market. The goal is to demonstrate commitment to the security of the capital market by providing the industry with timely and accurate information that enables organisations to prioritise resources, prepare better, and enhance their understanding of potential cyber threats.

    An analysis of global cyber-attack trends in 1H 2023 revealed that ransomware accounted for a staggering 34% of reported incidents globally, followed closely by data breaches at 21%, and malware at 15%. Notably, similar trends were observed in Malaysia, with ransomware constituting 31% of cyber incidents, data breaches at 27%, and malware at 15%. These statistics underscore the gravity of the cybersecurity challenges faced by both the world and the nation. The cyber-attack analysis also sheds light on some distinctive trends within Malaysia, specifically the rising occurrences of mobile attacks and supply chain attacks. These observations align with the findings presented in the SC’s 2H 2022 CTIA report. In that report, both mobile attacks and supply chain attacks were prominently acknowledged as burgeoning threats to the societal landscape, emphasising the need for vigilance and preparedness in these domains.
  • Capability Development
    The insights gleaned from the SC’s assessment of global and local threat trends have reinforced its commitment to enhance the preparedness and response capabilities of capital market entities. By aligning the content focus of SC Capital Market Cyber Simulations (CMCS) with the emerging threat landscape, we ensure that the exercises directly address the most pertinent and pressing challenges faced by the industry. This synergy between threat analysis and content development not only facilitates a more targeted and effective approach but also strengthens the overall resilience of the sector, allowing the SC to be better prepared in the ongoing battle against cyber threats.

    In essence, the SC’s decision to align its capability development exercise with the threat landscape analysis is a proactive measure to empower capital market entities with the knowledge and skills required to mitigate risks and safeguard the integrity of the financial industry.
  • Policies and Guidelines
    Looking ahead, technological advancements and changing consumer behaviours will continue to shape the future of the capital market. More capital market entities are embracing technology as the digital revolution reshapes the business landscape. Technologies like blockchain and AI are revolutionising traditional financial systems, paving the way for more transparent, efficient, and decentralised financial ecosystems.

    As such, capital market entities need to proactively address the potential technology risks, including cybersecurity and the ethical considerations surrounding AI. These technology risks hold particular significance in the context of the capital market, as disruptions within a financial intermediary could result in substantial financial losses for investors and even trigger systemic market events should they spread to other market participants.
    As data and technology become more intertwined with the capital market, it is crucial to remain mindful of the risks posed to investors, intermediaries, and the market as a whole.

    The SC introduced the Guidelines on Technology Risk Management (GTRM) on 1 August 2023 to provide a comprehensive regulatory framework for managing technology risk in capital market entities. These policies are designed to establish clear protocols for safeguarding information, mitigating cyber threats, and ensuring a secure digital ecosystem within the financial sector. The GTRM is expected to come into full force by the third quarter of 2024. These guidelines strive to be the central reference on technology risk management, serving as a framework for supervisors during assessments and examinations of entities. Additionally, they provide clear guidance on the GTRM requirements, setting the SC’s expectations for technology risk management among capital market entities.

    Ultimately, the SC’s objective is for all capital market entities to establish a robust and sound technology risk management framework, ensuring cyber resilience.
  • Audit Inspection
    By conducting supervisory assessments, the SC aims to identify vulnerabilities, assess the effectiveness of existing technology security practices and cybersecurity measures, and promote continuous improvement in the overall technology and cyber security posture of capital market entities.

    In 2023, the SC conducted a series of supervisory assessments on selected capital market participants, which included onsite examination of the resilience of their cyber and technology risk management. Among others, these assessments take into consideration the potential risk of ambiguity in technology and cyber security roles, failure to assess and address security risks associated with third parties, unidentified technology risk due to lack of tech risk management frameworks, delayed incident response and incomplete incident analysis.

    By addressing these areas of concern, the SC strives not only to identify vulnerabilities but also to foster a culture of continuous improvement. Through collaborative efforts with market participants, the SC endeavours to enhance the overall cyber security resilience of the capital market, ensuring a secure and robust digital environment for all stakeholders.

Mitigating Systemic Risks And Promoting Financial Stability

Enhanced Risk Governance Framework

In 2021, the SC-wide risk governance framework was enhanced as part of an overall initiative to establish effective, integrated and predictive risk surveillance and maintain regulatory agility.

The structured risk governance framework integrated the wider spectrum of risks such as technology, cyber and conduct risk at the SC’s Systemic Risk Oversight Committee (SROC) and Accounting, Market and Corporate Surveillance Committee (ACMS).

Intensified surveillance

The SC continued to intensify its surveillance of systemic risk to maintain market resilience and stability. Regular SROC engagements were held to deliberate concerns emanating from various segments across the capital market. Domestic equity and bond market, foreign fund flows and trade participation continued to be monitored closely for potential stress points. 

In addition, measures and economic stimulus packages introduced by the government to weather the impact of COVID-19, market trading conduct and the financial position of listed companies were among the focus areas for discussion.

Thematic assessments

The SC also conducted thematic assessments covering investors’ fund flows, the position of firms, and policy decisions to ascertain the possible impact on the capital market. In 2021, the SC reviewed and enhanced its crisis indicators on potential emerging risks in the capital market.

The enhanced crisis indicators provided a reference point for escalation to SROC when the identified indicators and triggers materialised and ensured prompt response to manage and prevent any issues of concern that might lead to a systemic crisis.

Joint regulatory discussions

In 2021, the SC conducted frequent joint regulatory discussions with other authorities such as Bank Negara Malaysia (BNM) and Labuan Financial Services Authority (Labuan FSA) to identify systemic risk concern areas within the financial and capital markets in Malaysia.

Monitoring of various components of the capital market

The SC continued its efforts to undertake a methodological and integrated approach to ensure any potential systemic risk was being monitored, mitigated, or managed. Figure 1 highlights the findings from the following risk assessments on the various components of the capital market.

© Copyright Securities Commission Malaysia