Cyber Threats Unmasked: Malaysia’s Legal Safeguards

by loswebstudio99 in Newsletter

CYBER THREATS UNMASKED:

MALAYSIA'S LEGAL SAFEGUARDS

brought to you by Suppiah & Partners

The cybersecurity landscape continues to evolve with various emerging threats, such as AI-driven cyberattacks and deepfake scams that leverage advanced technologies for malicious purposes.

Organisations must remain vigilant against these evolving threats while adhering to local regulations that govern cybersecurity practices in Malaysia.

DDOS ATTACK

DESCRIPTION

A Distributed Denial-of-Service (DDoS) attack aims to disrupt normal traffic by overwhelming a web property with massive requests from multiple devices (botnet).

CHARACTERISTICS

  • Utilizes multiple compromised devices (bots).
  • Targets network bandwidth or application resources.
  • Does not require access to internal systems.

OPERATIONAL / BUSINESS IMPACT

  • Service outages.
  • Loss of revenue.
  • Damage to reputation.

PREVENTIVE MEASURES / RESPONSES

  • Use of DDoS mitigation services.
  • Traffic filtering and rate limiting.
  • Regular system updates.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Governed by the Cyber Security Act 2024, which mandates compliance for NCII sectors.
  • Non-compliance can lead to fines up to 500,000 ringgit or imprisonment for up to ten years.

THE HOOLIGAN

Like a hooligan, a DDoS attacker causes chaos and disruption, overwhelming systems and services with no intention of directly stealing but instead creating noise and destruction.

RANSOMWARE ATTACK

DESCRIPTION

Ransomware is malicious software that encrypts files and systems, rendering them inaccessible until a ransom is paid.

CHARACTERISTICS

  • Encrypts data and demands payment for decryption.
  • Requires access to internal systems, often via phishing.
  • Typically demands payment in cryptocurrency.

OPERATIONAL / BUSINESS IMPACT

  • Data loss.
  • Operational downtime.
  • Significant financial costs for recovery and ransom payment.

PREVENTIVE MEASURES / RESPONSES

  • Regular backups and disaster recovery plans.
  • Employee training on phishing.
  • Endpoint protection solutions.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Subject to the Cyber Security Act 2024; organizations must notify incidents within six hours.
  • Penalties for failing to report can include fines up to 500,000 ringgit or imprisonment for up to ten years.
  • Subject to the Computer Crimes Act 1997 penalties (fines, imprisonment) could apply for any unauthorised modification of the contents of any computer.

THE KIDNAPPER

Encrypting critical data and demanding ransom mirrors a kidnapper holding a victim hostage for financial gain.

RANSOM DDOS (RDDOS) ATTACK

DESCRIPTION

A Ransom DDoS attack threatens to launch a DDoS attack unless a ransom is paid, without encrypting any data.

CHARACTERISTICS

  • Threatens service disruption rather than data encryption.
  • May follow an actual DDoS attack or be a threat.
  • Payment often requested in untraceable forms like Bitcoin.

OPERATIONAL / BUSINESS IMPACT

  • Service disruption without prior notice.
  • Potential financial losses from ransom payments.

PREVENTIVE MEASURES / RESPONSES

  • Implementing robust network security measures.
  • Monitoring traffic patterns for anomalies.
  • Having an incident response plan in place.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Governed by the Cyber Security Act 2024; compliance with incident reporting is mandatory.
  • Legal repercussions for non-compliance include fines and imprisonment.

THE EXTORTIONIST

The RDDoS attacker threatens service disruption unless a ransom is paid, akin to an extortionist intimidating victims without necessarily carrying out their threat.

PHISHING

DESCRIPTION

Phishing involves tricking individuals into providing sensitive information by masquerading as a trustworthy entity.

CHARACTERISTICS

  • Often conducted via email or instant messaging.
  • Uses deceptive links or attachments.
  • Targets personal and financial information.

OPERATIONAL / BUSINESS IMPACT

  • Financial loss.
  • Identity theft.
  • Loss of trust in digital communications.

PREVENTIVE MEASURES / RESPONSES

  • User education on recognizing phishing attempts.
  • Implementation of email filtering technologies.
  • Multi-factor authentication (MFA). Software updates.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Governed by the Personal Data Protection Act (PDPA) 2010, which requires organizations to protect personal data. Non-compliance can lead to fines up to RM300,000.
  • Subject to Section 17(3) of the Electronic Commerce Act 2006.

THE CON ARTIST

Phishing attackers rely on deception and impersonation to trick victims into revealing sensitive information, much like a skilled con artist manipulates trust to defraud.

SQL INJECTION

DESCRIPTION

SQL Injection involves inserting malicious SQL queries into input fields to manipulate databases.

CHARACTERISTICS

  • Targets web applications with database backends.
  • Can extract, modify, or delete data.
  • Often due to improper input validation.

OPERATIONAL / BUSINESS IMPACT

  • Data breaches.
  • Loss of sensitive information.
  • Potential legal liabilities.

PREVENTIVE MEASURES / RESPONSES

  • Use of prepared statements and parameterized queries.
  • Regular security testing and code reviews.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Subject to the Computer Crimes Act 1997, which criminalizes unauthorized access and data manipulation. Penalties include fines and imprisonment.

THE SAFECRACKER

Exploiting vulnerabilities in databases to extract, modify, or delete data is akin to a safecracker breaking into a vault to steal valuables.

MAN-IN-THE-MIDDLE (MITM)

DESCRIPTION

MITM attacks involve intercepting communication between two parties without their knowledge.

CHARACTERISTICS

  • Can occur over unsecured networks (e.g., public Wi-Fi).
  • Often uses spoofing techniques.

OPERATIONAL / BUSINESS IMPACT

  • Eavesdropping on sensitive data.
  • Data manipulation.

PREVENTIVE MEASURES / RESPONSES

  • Use of encryption protocols (e.g., HTTPS).
  • VPN usage on public networks.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Covered under the Computer Crimes Act 1997; unauthorized interception of communications is illegal. Penalties can include fines and imprisonment.

THE SPY

Intercepting communication and manipulating it without the parties’ knowledge resembles a spy or eavesdropper gathering intelligence secretly.

MALWARE

DESCRIPTION

Malware refers to malicious software designed to harm or exploit any programmable device or network.

CHARACTERISTICS

  • Includes viruses, worms, trojans, ransomware, etc.
  • Can steal data or damage systems.

OPERATIONAL / BUSINESS IMPACT

  • Data loss or corruption.
  • System downtime.

PREVENTIVE MEASURES / RESPONSES

  • Antivirus software deployment.
  • Regular updates and patches.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • The Cyber Security Act 2024 includes provisions against malware distribution; violators may face penalties including fines and imprisonment.

THE SABOTEUR

Malware acts like a saboteur, infiltrating systems and causing damage, stealing information, or corrupting operations from within.

ZERO-DAY EXPLOIT

DESCRIPTION

A zero-day exploit takes advantage of a previously unknown vulnerability before it is patched by developers.

CHARACTERISTICS

  • Highly effective as there are no defenses available at the time of attack.

OPERATIONAL / BUSINESS IMPACT

  • Significant risk as exploits can lead to unauthorized access or data breaches.

PREVENTIVE MEASURES / RESPONSES

  • Timely software updates and patch management practices.
  • The usage of firewalls.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Subject to the Computer Crimes Act 1997; exploitation of vulnerabilities can lead to legal consequences including fines and imprisonment.

THE OPPORTUNIST

Exploiting unknown vulnerabilities before they are patched mirrors an opportunist who strikes when their target is unprepared.

SOCIAL ENGINEERING ATTACK

DESCRIPTION

Social engineering involves manipulating individuals into divulging confidential information through deception.

CHARACTERISTICS

  • Relies on psychological manipulation rather than technical skills.

OPERATIONAL / BUSINESS IMPACT

  • Compromised sensitive information.
  • Financial loss.

PREVENTIVE MEASURES / RESPONSES

  • User awareness training on social engineering tactics.
  • Verification processes for sensitive requests.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Covered under various laws including the PDPA; organizations must safeguard personal data against such tactics. Violations may result in legal action and fines.

THE MASTER MANIPULATOR

Using psychological tricks to gain sensitive information mimics a manipulator exploiting trust and emotions for their gain.

SUPPLY CHAIN ATTACK

DESCRIPTION

Supply chain attacks target vulnerabilities within third party vendors or partners to compromise an organization indirectly.

CHARACTERISTICS

  • Exploits trust relationships between organizations.
  • Can affect multiple entities simultaneously.

OPERATIONAL / BUSINESS IMPACT

  • Data breaches.
  • Operational disruptions.
  • Financial losses.

PREVENTIVE MEASURES / RESPONSES

  • Thorough vetting of suppliers.
  • Continuous monitoring of third-party security practices.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Subject to the Cyber Security Act 2024; organizations must ensure third-party compliance with cybersecurity standards, with penalties for non compliance.

THE SABOTAGE SPECIALIST

Targeting trusted suppliers or partners to indirectly harm an organization is similar to a specialist who infiltrates indirectly to cause systemic harm.

AI-DRIVEN CYBERATTACKS

DESCRIPTION

Cybercriminals use AI tools to automate attacks, create personalized phishing emails, and adapt tactics in real-time.

CHARACTERISTICS

  • Highly sophisticated attacks that evade traditional detection methods.

OPERATIONAL / BUSINESS IMPACT

  • Increased difficulty in detecting threats.
  • Potentially higher success rates for attackers.
  • Rapid pace of the attack poses difficulty to effectively respond.

PREVENTIVE MEASURES / RESPONSES

  • Invest in advanced AI based detection tools.
  • Regularly update security protocols.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • No specific laws yet; however, general cybersecurity laws apply as AI-driven attacks fall under existing cybercrime regulations.

THE HIGH-TECH FRAUDSTER

Leveraging AI for personalized phishing, automation, and real-time adaptability mirrors a high-tech fraudster using advanced tools to outsmart traditional defenses.

DEEPFAKE SCAMS

DESCRIPTION

Deepfake technology creates realistic audio or video impersonations used in scams or social engineering attacks.

CHARACTERISTICS

  • Can convincingly impersonate trusted individuals.
  • Exploits trust within organizations.

OPERATIONAL / BUSINESS IMPACT

  • Financial fraud.
  • Compromised sensitive information.

PREVENTIVE MEASURES / RESPONSES

  • Employee training on recognizing deepfake content.
  • Verification processes for unusual requests.

LEGAL PROTECTIONS / CONSIDERATIONS IN MALAYSIA

  • Not specifically regulated; falls under general fraud laws and PDPA if personal data is involved.
  • Subject to Section 211(1) of the Communications and Multimedia Act 1998 penalties could apply for content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person.

THE IMPERSONATOR

Creating realistic fake identities to deceive others resembles an impersonator or forger who mimics others for fraudulent purposes.

See Attached PDF

References

  1. Cyber Security Act 2024: This act governs cybersecurity measures in Malaysia, particularly for National Critical Information Infrastructure (NCII) sectors.
  2. Personal Data Protection Act (PDPA) 2010: Regulates the processing of personal data in commercial transactions in Malaysia.
  3. Computer Crimes Act 1997: Addresses various computer related offenses including unauthorized access and manipulation of data.

© 2025 Suppiah & Partners. All rights reserved. The contents of this newsletter are intended for informational purposes only and do not constitute legal advice.

More Newsletter

Is Your Data Safe? Here’s How to Maximise the Security of Your Business Data Against Ai Driven Privacy Risks

by loswebstudio99 in Newsletter

IS YOUR DATA SAFE?

HERE’S HOW TO MAXIMISE THE SECURITY OF YOUR BUSINESS DATA AGAINST AI DRIVEN PRIVACY RISKS.

by Thulasy Suppiah, Managing Partner

Data. Big Data. Metadata. These are powerful commodities for modern businesses to thrive and survive. Datasets have become such invaluable assets, they need to be stored somewhere safe. Each year, more and more corporate data is being stored in the cloud – a metaphor for the Internet’s services managed by third parties. Everywhere and in Malaysia, this has surged demand for AI-powered cloud storage solutions and applications to manage, process and protect the growing volume of sensitive data. In this article, we examine how a business can identify the right cloud storage services for robust data protection despite unique challenges spawned by Generative AI (Gen AI). These include the misuse of data and shortage of skills to protect against AI-enabled cybercrime. Without proactive oversight, companies leveraging AI risk exposing customer data and IP rights to unauthorized access or manipulation.

BENEFITS OF SOVEREIGN CLOUD SERVICES

Traditionally, companies used public clouds or cloud computing systems located outside the country to store their data. However, this meant little control or accountability over the use of that data. Heedfully, Malaysia has taken steps to safeguard data sovereignty within our borders by providing ways for locally managed services to offer cloud storing platforms to secure business data from foreign access. Today, organisations can store data either in a private cloud or sovereign cloud, regulated by local laws.

A sovereign cloud is a cloud computing environment which enable’s each organisation’s data to be stored on a system of servers located within their own country. This system is hosted by locally managed services, is required to abide by domestic rules governing data privacy; while having to adopt special security measures for the vicinity of the stored data.

Sovereign cloud providers are an important link with expertise to handle and track the flow of data. They can categorise various types of industry data, whether confidential, public, corporate or personal. Their proximity within the country is said to increase their efficiency tenfold through faster execution speeds and greater network stability. By maintaining valuable data within a country’s borders, sovereign cloud offers a more secure means of data protection.

Recent amendments to Malaysia’s Personal Data Protection Act provide further flexibility and higher protection over stored datasets:

  • Biometric Data is now explicitly defined as sensitive personal data
  • Data portability rights allow individuals to request the transfer of their data
  • Data breach definitions are expanded, increasing accountability for data controllers and processors Mandatory
  • Data Protection Officers are required for better oversight

While these amendments are much welcomed, they don’t fully address the risks associated with the growing use of AI systems in data processing, in particular, regarding facial recognition technology. Hopefully in time, our government will fine tune our laws to address gaps.

RISK FACTORS IN LEVERAGING AI TOOLS FOR DATA PROCESSING AND STORAGE

As technology users, we tend to focus on interfaces and tools, but not really the accountability and oversights of their internal functions. Machine learning presents a formidable challenge – who governs it? Who is protecting data being hosted by third parties from misuse and theft and the issues surrounding the accuracy of AI tools?

Malaysia has a multifaceted framework to protect personal data in commercial transactions, govern information security, to ensure network reliability and infrastructure integrity and to safeguard data sovereignty. Malaysia’s cyber security laws include:

The Personal Data Protection Act 2010 (PDPA)
This is the key framework that regulates personal data processing in commercial transactions in Malaysia. It mandates the implementation of practical measures to protect personal data from loss, misuse, modification, unauthorised access, disclosure, alteration, or destruction. Non compliance with the PDPA may result in fines ranging from RM100,000 to RM500,000, imprisonment for one to three years, or both.

Communications and Multimedia Act 1998 (CMA)
This Act regulates the communications and multimedia industry and places a premium on information security and network reliable cybersecurity services. The CMA prohibits:

  • Fraudulent or improper use of network facilities
  • Possession of counterfeit access devices
  • Unauthorised access attempts
  • Interception of communications without lawful authority

Cyber Security Act 2024
This Act is designed to safeguard the nation’s critical information infrastructure (CII) against complex cyber threats. A notable feature of the act is its focus on cybersecurity service providers, mandating a licensing regime to ensure only qualified entities are authorised to deliver cyber security services. Offenses under the Act are:

  • Failing to conduct required risk assessments and audits
  • Not notifying relevant authorities about cybersecurity incidents
  • Non-compliance with licensing requirements
  • Failure to implement mandated cybersecurity practices

Additionally, the Act holds not just organisations but also their employees and agents accountable, extending liability to individuals responsible for compliance within the entity.

Copyright Act 1987

  • This Act protects intellectual property, including digital content, by prohibiting:
  • Unauthorised transmissions of copyrighted works over the Internet
  • Circumvention of technological protection measures that applied to copyrighted works
  • Offering technology or devices that enable such circumvention

Electronic Commerce Act 2006
This Act provides a legal framework for electronic transactions, ensuring the security and reliability of online transactions.

CHOOSING THE RIGHT SOVEREIGN CLOUD PROVIDER

As businesses handover their data to third party services, legal professionals with deep understanding of technology and computing systems, can help your company asses the security controls managed services have in place and how your data is being utilised beyond your ambit.

It is crucial to investigate how closely these managed services comply with local laws, are fully licensed for the services they provide and if their cybersecurity is provided only by qualified entities as mandated by the law.

In Malaysia we have reputable and established providers who offer sovereign cloud services and there are several criteria they should meet. These include full certification and compliance with local laws, able to guarantee the sovereignty of data within local borders, able to ensure data privacy, able to conduct Data Protection Impact Assessments, have the skills to classify data, and offer scalability and flexibility as the need for your organisation’s data evolves. They should also have robust security protocols, are able to respond to security incidents efficiently and promptly and are able to pivot well in case of service disruptions or in executing disaster recovery to ensure data remains secure and accessible even in adverse situations.

Technology lawyers can also advice and oversee the terms and conditions of the Service Level Agreements between your organisation and the cloud provider, to ensure they align with your business’ needs and offer acceptable language for dispute resolutions. They can scrutinise the quality of customer support and response time and the structure and transparency of costs associated with storing your data.

CONCLUSION

The rapid growth of cloud computing and the widespread adoption of AI and cloud technologies presents significant opportunities if well leveraged, but this must be matched with caution and a strong focus on safeguarding personal data and copyrights. Businesses have the obligation to ensure their data practices align with local laws and to receive, send, track and store data safely. As local regulatory landscapes and the challenges of Gen AI continue evolve, legal services with sound understanding of technology, can help your business stay abreast, compliant and safe.

See Attached PDF

REFERENCE

  1. Data Privacy in the Age of AI: Are Your Cloud Services Putting You at Risk of Non-Compliance? Innoedge. (October 2024).
  2. Malaysia’s Cyber Security Act 2024: What Businesses Need to Know. ASEAN BRIEFING, Dezan Shira & Associates. Medina, Ayman Falak. (August 2024).
  3. Gen AI in Data Security: The Double Edged Sword. CyberMagazine. (August 2024).
  4. Malaysia Pushes Out Groundbreaking Amendment to Personal Data Protection Act – Impact on Businesses. Squire Patton Boggs. Aw, Charmian and Lai, Brandon. (August 6, 2024).
  5. What is Data Sovereignty? Oracle Cloud Infrastructure (OCI), Oracle Malaysia. Chen, Michael. (May 2024).
  6. AI and Cloud Computing top tech risks for firms in 2024 Horizon report. ORX. (April 2024).
  7. Sovereign Cloud: A Necessity for Protecting Malaysia Enterprises’ Data Sovereignty. Exabytes. Xiao Hui. (October 2023).
  8. As Malaysia embraces cloud, data sovereignty debate intensifies. Moxie Insights. Henderson, James. (September 2023).
  9. Glossary: Sovereign Cloud. opendatasoft.com. (Accessed 2024).

© 2025 Suppiah & Partners. All rights reserved. The contents of this newsletter are intended for informational purposes only and do not constitute legal advice.

More Newsletter

Comparative Analysis of Data Center Development Guidelines: Singapore Vs. Malaysia

by loswebstudio99 in Newsletter

A COMPARATIVE LOOK

DATA CENTRE DEVELOPMENT IN SINGAPORE & MALAYSIA

by Thulasy Suppiah, Managing Partner

We’ve compared the regulations driving data centre growth in both nations, focusing on sustainability, cybersecurity, environmental assessments, and regulatory processes. As frameworks evolve, these insights are crucial for industry stakeholders.

A SUMMARY: WHERE DO WE STAND AS A NATION?

Malaysia is progressing with balanced growth and sustainability-focused frameworks, but Singapore remains ahead with advanced standards and established regulatory clarity.

GREEN DATA CENTRE STANDARD

Malaysia is progressing with balanced growth and sustainability-focused frameworks, but Singapore remains ahead with advanced standards and established regulatory clarity.

CYBERSECURITY NETWORK

Both countries have robust cybersecurity frameworks; however, Malaysia’s act is newly implemented and lacks established legal precedents, which may lead to challenges in enforcement and interpretation.

ENVIRONMENTAL IMPACT ASSESSMENT

Both countries have robust cybersecurity frameworks; however, Malaysia’s act is newly implemented and lacks established legal precedents, which may lead to challenges in enforcement and interpretation.

CALL-FOR APPLICATION SCHEME

Singapore’s CFA scheme ensures alignment with sustainability goals; Malaysia’s GPP streamlines planning but lacks an equivalent CFA mechanism, which may hinder effective oversight of new developments.

REGULATORY AUTHORITY

Singapore’s CSA has established authority with experience; Malaysia’s National Cyber Security Committee is newly formed, which may face initial challenges in establishing its effectiveness and authority.

See Attached PDF

© 2025 Suppiah & Partners. All rights reserved. The contents of this newsletter are intended for informational purposes only and do not constitute legal advice.

More Newsletter

Preparing for Workforce Changes in the Age of AI

by loswebstudio99 in Newsletter

PREPARING FOR WORKFORCE

CHANGES IN THE AGE OF AI

by Thulasy Suppiah, Managing Partner & Keerthana Aiswwarya Jeevanathen, Pupil

Progress in the capabilities of Artificial Intelligence (AI) and excitement over automation for enhanced productivity have stoked widespread fears of labour force disruption. The impact of AI on employment requires strategic intervention sooner rather than later, as it has far-reaching consequences for workers and businesses alike.

It is therefore imperative for clients, corporations, and policymakers to understand and prepare for both the opportunities created by AI-driven automation and its impact on jobs most exposed to these changes. Businesses should proactively assess potential risks and work closely with legal advisors to navigate these shifts effectively.

In Malaysia, the adoption of advanced technology is accelerating across sectors from manufacturing to services, reshaping industries and impacting employment. An article in The Sun titled “AI and Automation Reshaping Workforce” shared insights from Julian Tan, Singaporean CEO and founder of FastCo Asia, who highlighted that around 40.1 percent of jobs in Malaysia are “highly at risk” of disruption by AI. Tan projects that as many as 4.5 million Malaysian workers out of the current 16.15 million-strong workforce could be displaced by 2030.

AI and automation could impact approximately 57 percent of all jobs in Malaysia over the next two decades, with the most vulnerable roles including vehicle drivers, data entry clerks, factory workers, travel agents, dispatchers, and possibly even teachers. AI can now perform non-routine cognitive tasks that, until recently, only humans could manage.

However, it’s not all grim. According to a report by the World Economic Forum, while 85 million jobs may be displaced globally by 2025, 97 million new roles could emerge, emphasizing AI-related tasks, data analytics, and software development. This shift will demand significant upskilling and reskilling efforts, and businesses must work with legal advisors to structure and implement these changes.

WHY CONSULT A LAWYER AND HOW TO BE PREPARED FOR WORKFORCE SHIFTS

Legal guidance plays a crucial role in preparing for AI-driven changes to workforce dynamics. As AI transforms employment patterns, businesses will face various regulatory and contractual considerations that could significantly impact their operations and liability. Lawyers can help companies prepare for these shifts by advising on compliance with emerging AI and labour laws, restructuring workforce contracts to reflect changing roles, and implementing policies to safeguard employees’ rights during transitions.

One primary concern for employers is managing employment contracts and employee rights in an evolving job market. Legal counsel can guide businesses on drafting flexible employment terms that address potential role reassignments, retraining obligations, and redundancy procedures. By preparing these contracts in advance, companies can avoid costly disputes and ensure smoother transitions as workforce roles shift due to AI integration.

Additionally, regulatory compliance is crucial as AI continues to advance. While Malaysia currently lacks specific AI regulations, businesses should work with legal advisors to stay ahead of regulatory developments, particularly concerning data privacy, algorithmic accountability, and ethical use of AI in workplace decision-making. Proactive legal counsel can help companies establish frameworks that anticipate regulatory changes, minimizing future risks and ensuring responsible AI deployment.

In Malaysia, initiatives like the National Fourth Industrial Revolution (IR 4.0) Policy aim to harness AI’s benefits while mitigating its disruptive effects. However, businesses must be proactive by investing in workforce development and adapting to evolving business models. Clients should discuss workforce strategy with their lawyers, considering legal frameworks that will support a transition toward a more skilled, AI competent workforce.

Additionally, the rise of generative AI in performing tasks traditionally reserved for legal professionals such as contract analysis, legal research, and even preliminary dispute resolution raises critical considerations for companies relying on legal services. AI may enhance operational efficiency, but businesses will need to work with their lawyers to re-evaluate the role of “human” judgment and adapt service delivery accordingly.

See Attached PDF

References 1

  1. World Economic Forum. “The Future of Jobs Report 2020.”
  2. Malaysia’s National Fourth Industrial Revolution (IR 4.0) Policy.
  3. AI and automation reshaping workforce.
  4. Reskilling and Upskilling the Future ready Workforce for Industry 4.0 and Beyond.
  5. Artificial Intelligence: AI driven Business Process Automation.
  6. AI for Legal Professionals.
  7. The Impact of Artificial Intelligence on Legal Systems: Challenges and Opportunities.

References 2

  1. Artificial Intelligence: AI-driven Business Process Automation.
  2. AI for Legal Professionals.
  3. The Impact of Artificial Intelligence on Legal Systems: Challenges and Opportunities.
  4. Top VC Kai-Fu Lee says his prediction that AI will displace 50% of jobs by 2027 is ‘uncannily.
  5. In the Age of AI (full documentary) | FRONTLINE.

© 2025 Suppiah & Partners. All rights reserved. The contents of this newsletter are intended for informational purposes only and do not constitute legal advice.

More Newsletter