By Datuk Alan See, Chief Executive Officer – FIRMUS

Malaysia is a rapidly growing economy with a high rate of technology adoption. As more businesses digitize their operations, cybersecurity risks have also increased tremendously. Managed Security Service Providers (MSSPs) have emerged as a solution for businesses that lack the expertise or resources to manage their own cybersecurity. However, MSSPs in Malaysia face several challenges and shortcomings that can impact their ability to provide effective cybersecurity services to their clients.

Due to evolving rate of digital adoption, client expectations have changed. For example, ten years ago, the primary expectations of clients were monitoring firewall, IDS logs, incident handling, and reporting. But today, clients are looking for management of different SIEM technologies, threat intel capability, incident response, forensics, organizational reputation, and cost-effectiveness. Understanding clients’ expectations is crucial for MSSPs to sustain their business model as clients become more conscious and informed about their cybersecurity needs.

Skyrocketing Operating Costs

Increasing operating costs plays a major role in all businesses, especially so for MSSPs. The salary for cybersecurity experts makes up the largest component of the operating cost, and it has been skyrocketing since the pandemic. The average cybersecurity specialist gross salary in Malaysia is RM151,428 (~USD 34,000) or an equivalent hourly rate of RM73 (~USD16), according to Salary Expert powered by ERI. An entry-level cybersecurity specialist (1-3 years of experience) earns an average salary of RM107,311 (~USD24,000), while a senior level cybersecurity specialist (8+ years of experience) earns an average salary of RM189,036 (~USD 42,000). The high salaries of cybersecurity experts put a significant financial burden on MSSPs, making it challenging for them to provide affordable security solutions to their clients.

Talent Pipeline Drought

Another challenge facing MSSPs in Malaysia is the lack of cybersecurity experts, especially security analysts and threat intelligence experts. In Malaysia, cybersecurity professionals estimate that at least the top 10 percent of job opportunities in the near future will be related to cybersecurity. Cybersecurity experts are essential for protecting our data, privacy, and keeping the digital society safe from new threats. Ethical hackers, digital forensics experts, cyber threat intelligence analysts, network defense analysts, and cloud solution developers will continue to be in demand.

The insourcing strategy adopted by large organizations like banks is plays a contributing factor in searching cybersecurity expert roles. Many big organizations are building their own Security Operations Center (SOC) now and moving their security incident management and monitoring back in-house. This is one of the contributing factors in a talent drought scenario.

Regulations at Play?

Without clear standardized cybersecurity regulations can also be a negative factor for MSSPs. While Malaysia has introduced cybersecurity laws and regulations in recent years, the lack of a standard framework can make it difficult for MSSPs to establish consistent security protocols and standards across their client base. This can result in inconsistencies in security measures and leave some clients more vulnerable to cyber-attacks.


In conclusion, MSSPs in Malaysia is playing in a competitive market, with rising operating costs, a lack of cybersecurity talents, and more. However, the demand for MSSPs is growing as well, and they are vital for protecting the critical information assets of businesses of all sizes in Malaysia.