For leaders who oversees cyber security in a complex, data-rich ecosystem, the role of cyber security is no longer limited to compliance or technical defence—it’s become a strategic enabler of innovation, data governance, and business continuity.
“It’s all about data,” one of the leaders says. “How do we ensure customer data is processed with confidence, and how do we secure it across various platforms and third-party ecosystems?”
Cybersecurity as a Business Enabler
Cyber security leaders underscore the importance of shifting perception: from viewing cyber security as a barrier, to recognising it as a driver of innovation. This is especially critical in organisations that rely heavily on integrated services—airlines, hotels, transport, and education. These data-heavy environments require robust cyber security not just for defense, but to empower better decision-making and customer trust.
Cyber security is increasingly being used to enable innovation rather than acting as a hurdle. It plays a fundamental role in securing the vast amounts of data collected across multiple channels and ensuring its responsible use.
AI Misconfigurations: A Silent Threat
With enterprise AI platforms being widely adopted, a new risk has emerged – misconfiguration and improper governance of AI systems. In some cases, staff have unintentionally exposed sensitive data by misusing enterprise AI tools. Instances have been observed where systems were not configured properly, leading to situations where internal users fed sensitive information into the tools, allowing others to exploit vulnerabilities such as command injections to extract confidential data.
This highlights the pressing need for organisations to strengthen their AI governance, ensuring tools are secure by design and continuously monitored. It also emphasises the importance of collaboration between cybersecurity, IT, HR, and legal teams to define clear usage policies and enforce safeguards around emerging technologies.
Third-Party Risk & Data Privacy
Managing third-party integrations is another critical challenge. Aviation and other interconnected sectors often rely on travel platforms, payment gateways, and other partners to process customer data. These third parties essentially act as data custodians, but if a breach occurs on their end, accountability still falls on the organisation itself.
This becomes especially urgent with Malaysia’s upcoming Data Sharing Act, which will eventually extend beyond public agencies to cover private-public partnerships. As regulatory requirements tighten, organisations must proactively assess vendor security postures and create contractual frameworks that clearly define data protection responsibilities.
The Role of Cyber Security in Data Governance
Contrary to popular belief, cybersecurity does not lead data privacy initiatives but instead plays a critical supporting role. Legal and governance teams set the frameworks, while cyber security enforces them—through encryption, data retention policies, and secure disposal practices.
This collaborative approach ensures data privacy is upheld consistently and reinforces the need for cyber security to be embedded into enterprise-wide strategies rather than treated as an afterthought.
Final Thoughts
As Malaysia prepares to implement major legislative changes and digital transformation accelerates, cybersecurity leaders like Norman are setting the tone for a more strategic, risk-aligned approach. The lessons are clear: security must be embedded in every layer of the enterprise, AI must be governed as rigorously as any other data system, and third-party risks must be treated as your own.
Cybersecurity in Malaysia is entering a new era—one that demands both foresight and adaptability. For those willing to evolve, the opportunities to lead with resilience are immense.
If you have a story to tell about your cyber security journey, we'd like to hear from you at CISO Malaysia 2026. Reach out to Eleen Meleng for more information on how you can get involved