Bursa Malaysia Berhad (“Bursa Malaysia” or the “Exchange”) was informed by a few brokers that they had encountered cybersecurity incidents within their system component. The affected brokers have contained the incidents through immediate isolation of the component and implementation of their internal incident response controls.
These reported incidents are limited to those affected brokers’ respective system, with no impact to the Exchange’s networks, platforms or infrastructure. All trading and market operations continue to function as usual.
The Exchange treats all cybersecurity matters with the highest level of vigilance. Immediately upon receiving these reports, we activated established cybersecurity response protocols and coordinated closely with the affected brokers to ensure rapid containment and remediation. The brokers are conducting full forensic investigations and will be submitting their reports through Bursa Malaysia’s supervisory channels. There has been no evidence of unauthorised trading activity or financial loss.
As a precautionary measure, the Exchange has also directed all brokers and selected vendors to conduct comprehensive screening of their systems. We have issued advisories and provided briefings to reinforce vigilance and ensure that these parties continue strengthening their cybersecurity safeguards.
As part of industry-wide measures established last year through the industry’s collective efforts to strengthen cyber resilience and protect the market ecosystem, the Exchange applies a set of additional risk controls across all brokers to mitigate potential systemic risks.
These measures include:
- Enforcement of multi-factor authentication (MFA) across all key interfaces connecting into the Exchange.
- Isolation protocols for affected connectivity and systems.
- Enhanced monitoring for early detection and prevention of anomalous activity.
- Strengthened incident response and escalation processes.
These initiatives increased preparedness across the industry and enabled a coordinated response and rapid containment of incidents.
The Exchange is also undertaking a comprehensive review of its IT Security Standards for brokers with the objective of enhancing overall cybersecurity resilience across the industry. This review includes measures to strengthen brokers’ oversight of their information service vendors and ensure that critical systems are safeguarded against emerging threats. The enhanced framework is targeted to come into effect in the fourth quarter of 2026.
We will continue to monitor the situation closely and take all necessary steps to protect the market from evolving cyber threats.
