KUALA LUMPUR (May 10): Entities are expected to submit a declaration of compliance with the Guidelines on Technology Risk Management (GTRM) to the Securities Commission (SC) by the first quarter of 2025, as part of the regulator's commitment to promote cyber hygiene practices.
SC chairman Datuk Seri Dr Awang Adek Hussin said the GTRM, which will come into effect on Aug 1, 2024, is designed to guide market participants to establish sound and robust technology risk governance and oversight.
“Many industry players still fall short in their cyber hygiene practices, even in terms of basic controls for critical systems. This is highly concerning because such basic hygiene is fundamental to an organisation’s ability to defend itself,” he said.
Cyber hygiene refers to the practices and steps undertaken to minimise the risk of security crises such as cyber-attacks, ransomware and data loss.
"Many organisations are not keeping up with key security practices like penetration testing, vulnerability assessment, hardening practice, privileged access management and regular review on user ID, to name a few."
"This is alarming, especially with cyber incidents, such as ransomware and data breaches, becoming more common," he said in his welcoming remarks at the C-Suite Forum on Managing Technology and Cyber Risks.
As such, the SC is preparing the industry to face challenges through initiatives such as the GTRM and the Capital Market Cyber Simulation, according to Awang.
"By simulating real-world scenarios, organisations can test their response and recovery strategies, thereby strengthening their resilience against potential cyber threats," he said.
More information pertaining to the compliance declaration will be announced closer to the GTRM taking effect, he noted.