KUALA LUMPUR: Bursa Malaysia Bhd has formed a dedicated industry working group to strengthen cyber resilience across the Malaysian stockbroking ecosystem.

In a statement, the stock exchange operator said this coordinated effort follows the unauthorised trades incident on April 24, 2025.

“The industry working group represents a concerted effort to strengthen the cyber resiliency of our trading ecosystem. The industry recognises that cyber resiliency is not just a technology best practice — it is the cornerstone of a trusted and vibrant capital market.

“A resilient ecosystem safeguards investor confidence, upholds market integrity, and ensures that our digital infrastructure can withstand and adapt to evolving threats,” chief executive officer Datuk Fad’l Mohamed said.

The industry working group, chaired by Bursa Malaysia chief regulatory officer Julian M Hashim, comprises representatives from four bank-backed participating organisations (POs), two non-bank POs, and two subject matter experts in the field of cybersecurity.

The group held its inaugural meeting on June 17, 2025, during which it finalised its terms of reference. Its mandate includes assessing current cybersecurity practices and identifying systemic vulnerabilities within the stockbroking ecosystem.

Additionally, the group will work on developing industry-wide standards and best practices for information and communication technology (ICT) risk management and incident response.

It is also tasked with recommending enhancements to regulatory frameworks and operational protocols to strengthen overall cyber resilience.

The industry working group targets to finalise its recommendation paper within four months, with the subsequent implementation phase focused on the execution of the recommendations.

Acknowledging the different levels of operational complexity among stockbroking firms, industry consultations will be held to ensure the recommendations are practical and fit for purpose.

Bursa Malaysia said stockbroking firms have recently implemented precautionary measures, including mandatory password resets, enhanced monitoring of unusual logins, blocking suspicious IP addresses, and issuing client alerts to safeguard login details.

In line with these efforts, Bursa Malaysia had on May 21, 2025 sent out a directive to mandate that all stockbroking firms implement multi-factor authentication by the end of 2025.

This requirement is a critical step towards enhancing the security of investor trading accounts and mitigating the risk of unauthorised access.