Regulatory Response to Cybersecurity Risks Management in Malaysia: Case of Worms and Malware


  • Felicia Yong Yan Yan Lee Kong Chian Faculty of Engineering and Science, Department of Surveying, Universiti Tunku Abdul Rahman, 53300 Kuala Lumpur, MALAYSIA
  • Ani Munirah Mohamad Universiti Utara Malaysia
  • Grace Sharon


Cyber risks, Cybersecurity, Cyber crimes, Risk management, Regulatory response


The increase in use of information and communication technologies (ICTs) brings about risks and ramifications, one of which is the intrusion of worms and malware into the computer systems and networks. Accordingly, a strong regulatory response needs to be in place to protect the users of the ICTs to avoid any unwanted incidents to the individual, the organisation as well as the nation. This study aims at highlighting case analysis of worms and malware attacks involving five (5) selected case studies, and the regulatory response to the cyber risks management in Malaysia, focusing on worms and malware attacks. Engaging in socio-legal approach, involving two datasets of worm and malware incidents, and written legal rules, the analysis was carried out using content and doctrinal analyses. The study reported five (5) selected case study incidents and three (3) pieces of written rules on the regulation of worms and malwares, being the Computer Crimes Act 1997, Guidelines on Management of Cyber Risks (2016) and Risk Management in Technology (2020). In addition, few international standards are also discussed. The implication of the study is better appreciation of the worm and malware incidents in the global context, as well as regulator’s initiatives in addressing such incidents in Malaysia. This paper could become a catalyst in studies of regulatory response mechanisms within the context of cybersecurity and cybersecurity risks management.




How to Cite

Yan Yan, F. Y., Mohamad, A. M., & Sharon, G. (2022). Regulatory Response to Cybersecurity Risks Management in Malaysia: Case of Worms and Malware. Research in Management of Technology and Business, 3(2), 85–97. Retrieved from