Kuala lumpur: About 30 per cent of Malaysian public-listed companies are at high risk of being hacked if specifically targeted. This conclusion emerged from LGMS Bhd's recent study, highlighting the pressing need for these companies to enhance their cybersecurity measures.

According to BERNAMA News Agency, LGMS, a Malaysian cybersecurity consulting firm, conducted this assessment. The findings were based on an analysis of 54 companies that received an 'F' rating from a sample of 186 assessed. The study employed a non-intrusive, outside-in assessment method, using publicly available commercial and open-source internet data to evaluate each company's cyber posture from a hacker's perspective.

The study results revealed that only 26 companies received an 'A' rating, while 46 were rated 'B', 33 'C', 27 'D', and 54 'F'. This indicates that 114 out of the 186 companies assessed fell below the top two rating bands, suggesting considerable room for improvement in their external cyber resilience. Companies with an 'A' rating were noted as having limited visible exposure, whereas 'F'-rated entities exhibited a large attack surface, making them highly susceptible to unauthorized access.

LGMS further illustrated that 'F'-rated entities are 13.8 times more likely to be breached compared to 'A'-rated entities. For 'B'-rated entities, the likelihood was 2.9 times, 'C'-rated entities 5.4 times, and 'D'-rated entities 9.2 times. The study pointed out that many vulnerabilities in the lower-rated group originated from websites and servers, underscoring the weaknesses in internet-facing systems.

The report highlighted that visible signs of suspicious activity might exist, although the study's methodology provided only a high-level overview rather than detailed internal forensics. The findings suggest that a significant portion of Malaysia's listed companies may still have exploitable attack surfaces if these weaknesses are not addressed.

LGMS emphasized the importance of identifying these vulnerabilities early to reduce exposure and fortify defenses before hackers can exploit them. The firm expressed its willingness to assist public-listed companies in understanding their external cyber risk posture and to share relevant insights to help them improve their cybersecurity measures.