AI is a powerful ally, not a lone savior. True cyber resilience demands human insight, layered defenses and continuous vigilance.
Artificial intelligence (AI) is getting considerable airtime as the silver bullet to patch cybersecurity holes. Across Malaysia, businesses are rushing to deploy AI-powered tools for faster detection, automated responses and machine-speed decision-making. It’s a seductive promise: fix cyber risk with smart tech.
But here’s the problem. Cybercriminals are adopting AI just as fast and they don’t care about compliance, ethics or protecting your bottom line.
Cybercrime Has Levelled Up
The current scam epidemic in Malaysia sees attackers using QR-code fraud, deepfake voices, fake banking apps blended with creatively ruthless social engineering to bypass detection and dupe even seasoned professionals. The tech is convincing, and the psychology behind it is even sharper.
Imagine a voicemail that mimics your CFO authorising a fund transfer or a chatbot that looks like it’s from your bank but is siphoning off your data in real time. These aren’t hypothetical scenarios – they’re happening now.
By September 2025, Malaysia had logged nearly 48,000 online fraud cases, racking up losses close to RM2 billion. In 2024, fraud alone burned Malaysian organisations for RM2.45 billion. If AI defences were enough on their own, these figures would be going the other way.
“AI won’t save Malaysian businesses from cybercrime on its own. Attackers innovate faster than algorithms, and human error remains the weakest link. True resilience comes from pairing AI’s speed with human judgment, continuous training, and a layered security strategy. Cybersecurity isn’t automated—it’s augmented.”
Aaron Bugal, Field CISO, APJ, Sophos
Automation Isn’t a Get-Out-of-Jail-Free Card
Let’s get this straight, AI isn’t infallible. It only knows what it’s been fed. Meanwhile, cyber attackers thrive on novelty. They twist, pivot and weaponise the unknown.
Even the best AI can be fooled through data poisoning, model manipulation, or simply exploiting human error. And human error? It’s the one constant AI still can’t patch. One distracted employee clicking a rogue link can instantly render millions of ringgit in cybersecurity spend pointless.
Machines Need Minders
So, what’s the answer? It’s not about replacing people with machines. It’s about enhancing humans with the right tools. Managed Detection and Response (MDR) is one way to do this.
Let AI chew through the data and flag anomalies, then allow human analysts to interpret the grey areas and respond decisively.
AI brings speed. Humans bring context. You need both if you want to be resilient, not just compliant.
Train Your People Continuously
Cybersecurity isn’t a one-off induction session. Threats evolve fast. So must your people.
From spotting deepfake content to recognising AI-powered scams, regular and realistic training is your best first line of defence. This includes simulating attacks that don’t feel like tick-the-box exercises.
Build a Security Strategy That Doesn’t Assume AI Will Save You
AI tools are just one layer. You need defence across every surface – endpoint, network, identity, cloud, email, and data. Each should feed into a cohesive, layered security framework. They must also be reviewed and refined constantly.
This isn’t about outspending attackers; it’s about outsmarting them.
Trust Is Your Currency. Don’t Let It Devalue
Malaysia is marching toward its digital economy ambitions. But here’s the kicker, if you’re betting everything on automation, you’re also betting on losing trust the moment it fails.
Regulators and customers alike won’t care how “advanced” your AI was if it couldn’t stop a breach.
Final Word: AI Won’t Save You But the Right People Using It Might
AI is powerful, no question. But cybersecurity is still – and always will be – a human story.
It’s about smart decisions, sharp awareness, and the kind of judgement no machine can replicate. The future of cyber defence in Malaysia isn’t automated, it’s augmented with skilled, trained people steering the ship, not just watching the dials.
In the end, it’s not AI that will save Malaysian businesses. It’s people who know how to use it wisely, and with eyes wide open.