Strengthening cyber resilience: Perspectives from Malaysia, Canada, and the ITU

No nation can build cyber resilience on its own. The increasingly complex and cross-border nature of cyber threats demands global cooperation and collective readiness to ensure cyber resilience. 

This was the key message from the panel discussion titled Advancing Cyber Resilience at the recent Cyber Defence and Security Exhibition and Conference (CYDES) 2025, held in Putrajaya, Malaysia. 

The panel featured Malaysian Cyber Security Agency’s (NACSA) Chief Executive, Megat Zuhairy bin Megat Tajuddin; Canada High Commission’s Cyber Attaché (in Singapore) Frédéric Margotton; and International Telecommunication Union’s (ITU) Head of the Cybersecurity Division, Orhan Osmani.

NACSA’s Zuhairy opened the session with an honest reflection on how his agency had launched a server screening application immediately after he took office, aiming to provide the public with a sense of security.  

“But I later realised that feeling safe today does not mean we will be safe tomorrow,” he said, adding that the threat landscape has been evolving faster than any single policy or technology can keep up with, particularly with the emergence of quantum computing. 

“For Malaysia, the real challenge was to integrate cyber resilience as a dynamic strategy that continuously adapts and involves all parties at every level,” he added. 

Through its newly launched Cyber Security Strategy 2025–2030, Malaysia has been working to strengthen its cyber resilience through several actions, including enhancing capacity and skills, fostering innovation, reinforcing governance frameworks, and expanding international collaboration and partnerships. 

Strengthening global cooperation 

ITU’s Osmani noted that while more countries now have national or even regional cybersecurity strategies, the challenge lies in translating these strategies into tangible actions. 

“Hackers work together globally, so defenders must do the same,” he said.

He also highlighted the importance of connecting global systems with local capacity.

In many developing countries, limited capacity often leads them to rely on frameworks adopted from other nations, even though these frameworks might not fully align with the local context. 

To address this, the ITU helps countries build capacity not only in technical areas but also in the skills, governance, and legal environments needed for sustainable cyber resilience. 

Canada High Commission’s Margotton added that cybersecurity must be a multi-layered effort. Apart from the technology, diplomacy, shared norms, and international cooperation were critical to enhancing cyber resilience. 

“The cyber threat landscape was global, and our defences must be as interconnected as the threats we face.”  

According to Margotton, cyber diplomacy has often been seen as abstract, but he explained that cyber norms have real-world impact, helping countries manage incidents calmly and avoid unnecessary escalation. 

He encouraged ASEAN nations to continue using multilateral forums, including the UN Open-Ended Working Group and the Group of Governmental Experts, to collectively create norms that prioritise the safety and stability of communities across the region. 

To subscribe to the GovInsider bulletin, click here.  

Improving cross-border coordination 

The discussion on international cooperation shifted towards the need for better cross-border coordination, noting that vulnerabilities in one country could easily spread to others. 

Zuhairy shared examples of how Malaysia responded to real incidents that test its cross-border partnerships, including a focus on joint exercises and cyber threat simulations with ASEAN countries. 

He acknowledged that while frameworks and norms exist, their true value lies in practical application, particularly in the speed and trust of information exchange.  

Margotton added that clear communication lines and trusted points of contact were crucial. This meant that when an incident occurred, there needed to be clarity on who was to be contacted for immediate coordination.  

People at the core of cyber resilience 

All panellists emphasised that people were at the core of cyber resilience. However, building collective awareness was not an easy task. 

Zuhairy highlighted that one of the biggest challenges in building cyber resilience was the misconception that cybersecurity is solely the government’s responsibility. 

“People often see themselves merely as users, when in fact, they are also part of the resilience,” he said. 

Malaysia was addressing this through the MyCyberHero initiative, that aimed to provide cybersecurity literacy to children as young as seven, fostering cyber awareness from an early age. 

“Simple habits such as recognising phishing, regularly changing passwords, and maintaining digital hygiene could collectively reduce risks at a national level,” he added.  

Osmani emphasised the importance of placing vulnerable groups at the core of every national cyber resilience strategy.  

He noted that many communities and small and medium enterprises (SMEs) lack the resources to protect themselves or report incidents, making them more vulnerable. 

“Resilience must be inclusive, ensuring that rural communities, small businesses, and low-capacity sectors have access to education, tools, and support to protect themselves,” he said.