Regulatory Response to Cybersecurity Risks Management in Malaysia: Case of Worms and Malware
Keywords:
Cyber risks, Cybersecurity, Cyber crimes, Risk management, Regulatory response
Abstract
The increasing use of information and communication technologies (ICTs) brings risks and ramifications, one of which is the intrusion of worms and malware into computer systems and networks. Accordingly, a strong regulatory response needs to be in place to protect ICT users and to avoid unwanted incidents affecting the individual, the organisation and the nation. This study presents a case analysis of worm and malware attacks based on five (5) selected case studies, and examines the regulatory response to cyber risk management in Malaysia, focusing on worm and malware attacks. Using a socio-legal approach and drawing on two datasets of worm and malware incidents and written legal rules, the analysis was carried out using content and doctrinal analyses. The study reports five (5) selected case study incidents and three (3) pieces of written rules on the regulation of worms and malware: the Computer Crimes Act 1997, the Guidelines on Management of Cyber Risks (2016) and Risk Management in Technology (2020). In addition, a few international standards are discussed. The implication of the study is a better appreciation of worm and malware incidents in the global context, as well as of the regulator’s initiatives in addressing such incidents in Malaysia. This paper could serve as a catalyst for studies of regulatory response mechanisms within the context of cybersecurity and cybersecurity risk management.