Bursa Malaysia Berhad (“Bursa Malaysia” or the “Exchange”) today announced the formation of a dedicated industry working group to enhance cyber resilience across the Malaysian stockbroking ecosystem. The establishment of the industry working group is a coordinated action, moving forward from the unauthorised trades incident on 24 April 2025.
Dato’ Fad’l Mohamed, Chief Executive Officer of Bursa Malaysia said, “The industry working group represents a concerted effort to strengthen the cyber resiliency of our trading ecosystem. The industry recognises that cyber resiliency is not just a technology best practice — it is the cornerstone of a trusted and vibrant capital market. A resilient ecosystem safeguards investor confidence, upholds market integrity, and ensures that our digital infrastructure can withstand and adapt to evolving threats.”
The industry working group, chaired by Encik Julian M Hashim, Chief Regulatory Officer of Bursa Malaysia, comprise representatives from four bank-backed Participating Organisations (POs), two non-bank POs and two subject matter experts in the field of cybersecurity.
The group held its inaugural meeting on 17 June 2025, where it finalised its terms of reference. Its mandate includes:
- Assessing current cybersecurity practices and identifying systemic vulnerabilities within the stockbroking ecosystem;
- Developing industry-wide standards and best practices for information and communication technology (ICT) risk management and incident response;
- Recommending enhancements to regulatory frameworks and operational protocols to improve cyber resilience.
The industry working group targets to finalise its recommendation paper within four months, with the subsequent implementation phase focused on the execution of the recommendations.
Recognising the diversity in operational complexity across stockbroking firms, consultation with the industry will be carried out to ensure the recommendation paper is practical and fit for purpose.
The establishment of the industry working group is part of a broader commitment to strengthen the industry’s cyber resilience. In recent months, stockbroking firms have adopted precautionary measures such as mandatory password resets, enhanced monitoring of unusual logins, blocking suspicious Internet Protocol (IP) addresses, and issuing client alerts to ensure login details are always kept secure.
In line with these efforts, Bursa Malaysia had on 21 May 2025 sent out a directive to mandate that all stockbroking firms implement multi-factor authentication by the end of 2025. This requirement is a critical step towards enhancing the security of investor trading accounts and mitigating the risk of unauthorised access.
Bursa Malaysia remains committed to safeguarding investor confidence and market stability through proactive regulatory leadership and collaborative action.
