Act 854

Cybersecurity Act 2024

Malaysia's comprehensive national cybersecurity legislation protecting National Critical Information Infrastructure (NCII). In force since 26 August 2024.

  • Royal Assent: 18 June 2024
  • Gazetted: 26 June 2024
  • In Force: 26 August 2024
  • Sector Leads: 11 September 2024

How Ready Is Your Organization?

Take our free 134-point compliance self-assessment to evaluate your Act 854 readiness and identify gaps.


Purpose & Objectives

Enhance national cybersecurity with a comprehensive regulatory framework

Protect National Critical Information Infrastructure (NCII)

Manage cybersecurity threats and incidents effectively

Regulate cybersecurity service providers through licensing

Strengthen Malaysia's cyber-resilience and protect key infrastructure

Enable smoother international trade and cooperation

The 11 NCII Sectors

Organizations in these critical infrastructure sectors fall under Act 854

1. Government

Ministries, regulatory bodies, public service agencies

2. Banking & Finance

Banks, insurance companies, stock exchanges, payment providers

3. Transportation

Aviation, maritime, rail, public transport systems

4. Defence & National Security

Military installations, security agencies

5. Information, Communication & Digital

Telecommunications, data centers, ISPs

6. Healthcare Services

Hospitals, medical facilities, health information systems

7. Water, Sewerage & Waste Management

Water treatment, sewerage systems

8. Energy

Power generation, transmission, oil and gas infrastructure

9. Agriculture & Plantation

Critical food supply systems

10. Trade, Industry & Economy

Key economic infrastructure

11. Science, Technology & Innovation

Research facilities, technology infrastructure

Key Compliance Requirements

Mandatory measures for NCII entities

Codes of Practice

  • Implement sector-specific cybersecurity measures
  • Align with national and international standards
  • Document compliance for NACSA verification

Risk Assessments

  • Conduct at least once per year
  • Identify vulnerabilities and threats
  • Submit results to Chief Executive within 30 days

Cybersecurity Audits

  • Conduct at least once every two years
  • Use approved auditors only
  • Verify adherence to the Act

Incident Notification

  • 6 Hours: Notify NACSA and Sector Lead via NC4S
  • 14 Days: Submit supplementary details
  • Include nature, severity, and response actions

Penalties for Non-Compliance

Act 854 imposes severe penalties to ensure compliance

| Offense | Fine | Imprisonment |
|---|---|---|
| General Non-Compliance | Up to RM200,000 | Up to 3 years |
| Failing to Implement Codes of Practice | Up to RM500,000 | Up to 10 years |
| Failing to Notify Incidents (6-hour rule) | Up to RM500,000 | Up to 10 years |
| Unlicensed Cybersecurity Services | RM500,000 | Up to 10 years |

Note: Penalties may include fines AND imprisonment. Malaysia's penalties are more severe than Singapore's Cybersecurity Act for similar offenses.

How CID Can Help

Comprehensive Act 854 compliance solutions backed by 34 years of security heritage

Compliance Gap Assessment

Evaluate current posture, identify gaps, map infrastructure against NCII criteria

Code of Practice Implementation

Interpret and deploy sector-specific cybersecurity measures and standards

Risk Assessments & Audits

Conduct annual assessments and biennial audits with approved methodologies

Incident Response Support

Establish 24/7 detection, develop NC4S reporting procedures, meet 6-hour rule

Training & Capacity Building

NACSA Academy programs, staff awareness, incident response training

Ongoing Compliance Management

Continuous monitoring, regulatory updates, liaison with NACSA

Why Choose CID

34 Years Heritage

Security excellence through CF Group

NACSA Alignment

Direct engagement with national cybersecurity agency

Local Expertise

Deep understanding of Malaysian regulatory landscape

End-to-End Solutions

Comprehensive compliance services

Proven Track Record

Trusted by government and critical infrastructure

Continuous Support

Ongoing compliance management and updates

Ready to Achieve Compliance?

Non-compliance can result in fines up to RM500,000 and imprisonment up to 10 years. Let CID be your trusted partner in navigating Act 854 requirements.

Information compiled from official NACSA publications, Attorney General's Chambers gazettes, and leading legal analyses. Current as of January 2025.