Survey Answer:

• The GPIS 1 for the Banking Sector outlines the minimum responsibilities and requirements for planning and managing, as well as establishing, preventive and effective measures that institutions should implement to mitigate the risks pertaining to the IT environment.
Under Part VIII (Annex) of the Guidelines, banks are required to report to the Central Bank of Malaysia ("BNM") any serious security breaches, system downtime and degradation in system performance that critically affect the bank/financial institution. The report should be made via telephone immediately upon detection, providing ‘initial information/observation’, and the subsequent formal report should be made within 2 days from the date of the detection of the incident.
• The Management of Cyber Risk Guidelines set out the roles and responsibilities of capital market entities in the oversight and management of cyber risk, the cyber risk policies and procedures that should be developed and implemented, the requirements for managing cyber risk, and the reporting requirements to the Securities Commission Malaysia.
Under the said Management of Cyber Risk Guidelines, capital market entities are required to report any cyber breaches to the board of directors and to periodically update the board on emerging cyber threats and their potential impact on the entity. The entity must then report to the Securities Commission Malaysia ("SC"), on the day of the occurrence of the incident, any detection of a cyber incident which may have, or has had, an impact on the information assets or systems of the entity. A report submitted to the SC must be made in accordance with the Cyber Incident Reporting Template as set out in the said Guidelines.

