Securing the Future of Digital Transformation: Finance, Cyber Risk Management & Resilience – Day 2 at AIBP C&E Malaysia
The 47th edition of the ASEAN Innovation Business Platform (AIBP) Conference and Exhibition took place over 2 days in Kuala Lumpur, Malaysia on 4 - 5 September 2024.
Through a series of insightful presentations and engaging panel discussions, participants delved into the opportunities and challenges associated with adopting these technologies. The focus was on practical solutions and real-world applications that can drive efficiency, growth, and innovation within Malaysian enterprises.
On the first day, we looked at: (Read More Here)
Navigating AI Implementation in Malaysia
Building Resilience for the Future Workplace
Industry4wrd: Strategies for Growth, Innovation and Sustainability in Malaysia
On the second day of the conference, industry leaders across multiple sectors shared their insights on three critical themes: AI adoption in finance, the growing importance of cybersecurity, and the essential role of data governance. As Malaysia continues its digital transformation journey, these discussions highlighted the need for a strategic approach to navigating the opportunities and risks associated with technological advancements.
Modernising Finance
As AI continues to reshape the financial landscape, its adoption presents both opportunities and challenges for financial service firms in Malaysia. In a highly competitive market, leveraging AI to drive efficiency, enhance customer experience, and create innovative financial products is critical for staying ahead. However, the successful implementation of AI requires more than just adopting the latest technology—it also involves addressing concerns around biases, data privacy, and accountability. This session explored how financial institutions in Malaysia are integrating AI in a responsible and strategic manner, ensuring that it not only solves specific problems but also aligns with organisational goals.
Key takeaways from financial services leaders featuring insights from TNG Digital , CIMB , KWAP Malaysia include:
Focus on Problem-Solving: AI should be used to address specific challenges, not applied as a blanket solution for all problems.
User-Centric AI: The goal is to make banking experiences more intuitive and convenient for customers through AI applications.
Human Accountability: AI implementations must still rely on human oversight, especially in high-stakes decision-making.
In any kind of assessment that we are doing for Gen AI or AI or any kind of AI technology, we usually focus on three parts, the biases and the model side of it, we also focus on the data privacy, security, and the last part, I think not many people talk about it, is the strategy part of it, right? I think the biggest risk, other than the system and security, is that people sometimes have a wrong perception towards AI technology, right? For us, at least in TNG Digital, is: We always have a problem. Can AI solve this problem? It's not: We have AI. Can AI solve any of my problems?
Yeong Jin Foo , Chief Risk Officer, TNG Digital
(It’s important to understand) how they use the app, the product that you're making, and how easy it is for them to use it. People say that now we have AI or Gen AI, whatever we have or we want to use nowadays, we make them available to them as an end product. So it makes their way of banking or using any app or product more convenient.
Hans Raj, Vice President - PMO and Transformation, CIMB
We should not forget the fact that in the end, whatever AI technology that you deploy, the final gatekeeper will have to be a human being. Because in the end, you have to take accountability. Who is accountable? You can't say AI.
Maz Mirza , Chief Digital Officer, KWAP
Managing Risks in the Digital Age
Digital tools are becoming integral to business operations, cybersecurity is no longer just an IT concern—it's a critical component of an organisation's overall strategy. For enterprises in Malaysia, the rise of AI and automation brings tremendous potential but also introduces new risks. Cyber threats are evolving, and businesses must ensure they have robust cybersecurity measures in place to protect their assets and data while maintaining operational efficiency.
Key takeaways from the cybersecurity leaders featuring insights from CyberSecurity Malaysia , Permodalan Nasional Berhad, PNB Commercial Sdn. Berhad , AEON Bank and National Electronics and Computer Technology Center (NECTEC) include:
Embed Cybersecurity in Strategy: Cybersecurity should be a core part of the organisation’s strategy, not an afterthought.
Transparency with Customers: It is vital to keep customers informed about the reasons behind increased security measures.
Industry-Wide Collaboration: Cybersecurity requires coordinated efforts across industries and authorities to effectively manage evolving threats.
In Malaysia, AI has the potential to revolutionise sectors such as agriculture, healthcare and finance, driving efficiency and fostering innovation. However, as we harness AI's potential, we must also address critical ethical considerations, data privacy, and ensure that these technologies benefit all Malaysians. Our goal must be to bridge gaps, not widen them
Dato Dr Amirudin Abdul Wahab Dato' Dr Amirudin Abdul Wahab, Chief Executive Officer, CyberSecurity Malaysia
(On balancing the need for proper cybersecurity measures with maintaining operational efficiency and business continuity) One, have it part of the broader organisation strategy, so it's always part of that daily consideration. Second is, if it's specific to BAU projects, then making sure it's from the start, so that then you don't have to firefight later, and the third is to have an overarching program so that you support the day to day practitioners that need to fight the battle.
Aishah Farha Mohd Raih , CISO, Permodalan Nasional Berhad
The most important thing is to make sure that customers are kept informed and fully aware as to why things are being done in such a way, why some parts of the journey may no longer be as quick and as fast as what used to be, no longer just a few fingertips. It may require some additional checks and due diligence behind the scene as well. That's why, a concerted effort is required, not just as an industry, but also from the authorities as well, to make sure that everyone's made aware of those initiatives.
Irfan Amer, CISO, AEON Bank
If we want standardisation in the overall organisation, first of all, we need to set the standards. What are the standards that we are going to follow? What is the fundamental that we need to address? That will be the basis for us to come up with the policies, the procedures, how to protect the overall organisation, how the staff will behave. What are the activities that we will conduct for all the staff, in terms of awareness, in terms of the readiness for the overall protection for IT security.
Ts. Saiful Bakhtiar Osman, Head of IT - Shared Services, PNB Commercial
When we link to research on cyber resilience, we need to talk with a lot of stakeholders first. We don't just have research output on academic paper, because we cannot do anything with them, but we have to talk with industry stakeholders or government sectors. When you talk with the real users, you can know the real impact, the real risk. It's just not from your own perspective.
Chalee Vorakulpipat, PMP, CISSP, CISA Principal Researcher, Head of Information Security Research Team, National Electronics and Computer Technology Center (NECTEC)
Building Resilient Data Culture
As businesses in Malaysia increasingly rely on data to drive decision-making, ensuring that data is properly managed, protected, and governed is crucial. The growing demand for real-time data, especially in sectors such as healthcare and finance, introduces new challenges in maintaining data integrity, privacy, and security. Data governance is no longer just about compliance—it’s a critical factor in maintaining customer trust and ensuring operational efficiency.
Key takeaways from the leaders featuring insights from National Cyber Security Agency (NACSA), Malaysia , Axiata , IHH Healthcare and CelcomDigi include:
Proactive Data Management: Organisations need to manage data comprehensively, from storage to deletion, ensuring compliance and security throughout the lifecycle.
Real-Time Data Protection: The demand for real-time data access, particularly in healthcare, requires stringent security measures to protect sensitive information.
Building In-House Capabilities: Organisations must focus on building internal capabilities to manage data securely and efficiently.
I think we are still experimenting with that kind of capability, or we call it the Early Warning, to make sure that at least we can minimise the risk, especially when it comes to ransomware attack targeting in Malaysia. Hopefully we can at least evolve this kind of capabilities and service to all these critical infrastructures and help to protect Malaysia in a more proactive way. But at the same time, if there's a crisis, crisis happens after the incident occurs, we still come in, and I love to emphasise that as a friendly party, not as a regulator. Even with the new Act, we are not going to bring the stick first, we want to bring the carrot first.
Mohamed Kheirulnaim, P.Tech (CS),Head of Incident Response & Cyber Threat Intelligence, NACSA
We focus on building in-house capabilities. It was not just about investing in technology. It is about building capabilities which can manage those technologies, configure it, design it, and operate it at the right level. And that's what was the genesis of building the cyber fusion center in Malaysia, right? Because we figured that talent is limited, like what Naim (NACSA speaker) was talking about in the region itself. So because talent was limited, we wanted a center of excellence, so to speak, for cyber. So all of these things cumulatively has helped us make sure that whatever data we capture, store, process and archive, I'm going into archival as well, because there is data which gets archived as well, so that entire life cycle is governed adequately, all the way to the the deletion or destroying part of it, and we govern it accordingly.
Suresh Sankaran Srinivasan, Group Head - Cyber Security & Data Privacy, Axiata
Everybody wants everything real time, same with our medical information. Now that comes with its own risk. How do you protect your own end device? If you lose your phone, what happens? So there's layers of protection there, right? Not only do you have your health data, which is very, very sensitive, but you also have your financial data in there, your credit card information and so on, because payment can be done through that as well. So it's easy, but it's also dangerous. How do we protect that? This comes with all sorts of endpoint protection, firewalls and whatnot, but, you can only do so much. The threat is evolving by the minute, not even by the day.
Nili Shayrina Saat ,Group Head, Risk Management & Compliance IHH Healthcare
We really go all out in identifying what is a critical impact to the business as well as to the customers, as those need to be well guarded and protected, and then subsequently we look into reducing costs, right? For cost optimisation, data governance has a role to play here. We look into the existing impactful processes that can be further enhanced with automation, for instance
Ts. Jacky Cheong, MSc. Computer Science, P.Tech, Head of Enterprise Data Governance CelcomDigi
We hope that the discussions have provided valuable insights into the evolving landscape of digital transformation across various sectors in Malaysia. As we continue to explore these critical topics, we look forward to further engaging with industry leaders and stakeholders across ASEAN in the coming months.
Find out more about our 2024 AIBP Conference and Exhibition in ASEAN
48th Edition, AIBP C&E Philippines, City of Dreams Manila, 17 - 18 September 2024
You can also read the takeaways from the
