On 8 August 2024, BlackBerry Limited revealed new research at the NACSA Cybersecurity Summit, spotlighting the vulnerabilities in software supply chains within Malaysian organisations. The study showed that 79% of Malaysian IT decision-makers received notifications of supply chain attacks or vulnerabilities in the past year, higher than the global average of 76%. Nearly two in five organisations took up to a month to recover.
The research, conducted in April 2024 by Coleman Parkes, underscores the importance of secure software practices and regulation, particularly in light of Malaysia’s 2024 Cyber Security Act and the National Semiconductor Strategy announced in May. These initiatives aim to bolster security and support the country’s ambitions to become a global semiconductor hub.
The study identified operating systems (30%) and IoT/connected components (19%) as the most at-risk areas. Financial loss (71%), reputational damage (66%), and data loss (59%) were the most significant impacts reported after a supply chain attack.
Dr. Megat Zuhairy bin Megat Tajuddin, Chief Executive of NACSA, emphasised the need for improved cybersecurity measures, noting the critical role of the Cyber Security Act 2024 in enhancing Malaysia’s national infrastructure. He highlighted the importance of secure-by-design practices, compliance, and skills development to protect the software supply chain and support economic growth.

Christine Gadsby, BlackBerry Cybersecurity CISO, praised Malaysia’s efforts to increase regulatory measures and investment in cybersecurity. She stressed the importance of a comprehensive approach, including skilled workers, secure-by-design products, and AI-powered monitoring tools, to safeguard critical industries like semiconductor manufacturing.
Malaysian organisations were noted for their high compliance with security certifications. However, the survey revealed concerns, such as only 18% of companies requesting evidence of compliance with security certifications during onboarding and 81% discovering unknown members in their supply chain in the last year.
Despite these challenges, many organisations are taking proactive steps. Nearly a quarter of respondents perform software inventories monthly, though barriers such as a lack of technical understanding and skilled talent remain.
Gadsby concluded that while human factors continue to pose challenges, advancements in AI-powered technologies and compliance standards offer promising solutions to improve cybersecurity across Malaysia’s software supply chains.
For the full survey, click here. To learn more about AI’s role in cybersecurity, click here. Visit here for details on training courses at the Malaysia Cybersecurity Center of Excellence.