Kuala lumpur: Bursa Malaysia Bhd, in collaboration with Malaysia’s stockbroking industry, today announced a recommendation paper detailing a series of cyber resilience enhancements aimed at strengthening the integrity of the stockbroking ecosystem.

According to BERNAMA News Agency, these enhancements were developed in response to unauthorized trades that occurred in late April 2025. The recommendation paper is the result of efforts by an industry working group formed in June 2025, which includes representatives from bank-backed and non-bank participating organizations, as well as cybersecurity experts, and is chaired by Bursa Malaysia’s chief regulatory officer, Julian M Hashim.

The industry working group was tasked with evaluating current cybersecurity practices to identify vulnerabilities, developing industry-wide standards for IT risk management and incident response, and recommending regulatory and operational improvements, as stated in the exchange’s announcement.

Bursa Malaysia’s CEO, Datuk Fad’l Mohamed, emphasized the exchange’s commitment to investor protection and maintaining trust in the securities market. He stated that the enhancements demonstrate the industry’s dedication to cybersecurity and investor confidence, ensuring that investments are protected against cyber threats.

The statement from Bursa Malaysia outlines a two-pronged oversight approach to implementing the enhancements. This includes improving IT security standards for brokers by incorporating recommended cybersecurity and regulatory standards, as well as strengthening oversight of independent software vendors, which are order management systems providers.

The recommendations align with the Securities Commission Malaysia’s Guidelines on Technology Risk Management and Bank Negara Malaysia’s Risk Management in Technology framework. The recommendation paper aims to elevate industry-wide cybersecurity standards by setting clear expectations for brokers, including effective oversight of third-party technology service providers to ensure compliance with Bursa Malaysia’s requirements.

The enhancements are organized into nine key pillars that form a comprehensive framework for cybersecurity and regulatory controls, including security access controls, threat detection and protection, patch management, infrastructure and operational resilience, and recovery planning. Oversight of technology service providers, incident management, training and awareness, and the establishment of dedicated cybersecurity roles are also included.

Bursa Malaysia emphasized that recovery planning and incident management pillars must be fully compliant within three months of the paper’s issuance due to their importance in operational resilience and incident response preparedness. Compliance for system changes or infrastructure upgrades is targeted by December 31, 2026. For queries regarding the recommendation paper, brokers can email [email protected].