Majority of Malaysian organisations are facing escalating cyber attacks powered by AI while cyber security investment is lagging.
According to a new study commissioned by cyber security firm Fortinet, 54% of Malaysian organisations recorded a twofold rise in AI-enabled threats. At least 24% of the organisations participating in the study were found to have the cyber attacks on them surging three-fold over the last one year.
The regional survey was conducted by the International Data Corporation across 11 Asia-Pacific countries. Fortinet Malaysia country manager Kevin Wong said the data reflected a worrying trend in the evolution of cyber crime, with AI now enabling attackers to launch highly sophisticated, faster and more adaptive attacks than traditional, manually executed intrusions.
“To illustrate the scale, automation is driving up to 36,000 scam attempts every second, and we saw 97 billion exploitation attempts in just the first half of last year. AI is multiplying this trend two to three times over.”
He said according to IDC, more than 100 billion stolen records linked to Malaysian organisations were being traded on the dark web.
“Credential theft alone has risen by over 500 per cent in the past year,” Wong noted. “Phishing attacks, now powered by AI, are becoming far more targeted and difficult to identify. Traditional cyber defence tools simply cannot keep up. This is why AI also needs to be deployed on the defensive front – to meet speed with speed.”
Mr Wong said that the nature of cyber risk had fundamentally changed, no longer appearing as isolated incidents but as an ongoing, evolving threat.
He said, “Cyber security can no longer be reactive. With AI-driven threats, a proactive, intelligence-led approach is imperative. That is why we partnered with IDC – to gain insight into how security leaders across the region are responding, and where the most significant vulnerabilities remain.”
Despite the growing sophistication and frequency of attacks, cyber security investment remains low in Malaysia. Fortinet vice president of marketing and communications for Asia, Australia and New Zealand Rashish Pandey said on average, just 15% of IT budgets in Malaysia are dedicated to cyber security, equating to just over 1% of total company revenue.
Mr Pandey said, “One of the core challenges is that cybersecurity is often framed in technical terms, which can be difficult for boards and senior leadership to contextualise. We are working to reframe the conversation around business impact, risk exposure, and strategic resilience.”