A QUALITATIVE CROSS-SECTOR ANALYSIS OF CYBER RESILIENCE MATURITY IN MALAYSIAN FINANCIAL AND MANUFACTURING FIRMS
DOI:
https://doi.org/10.18623/rvd.v23.6582Palabras clave:
Malaysia, Digitalisation, Cyber, Resilience, Financial, Manufacturing, Industry 4,0, RegulationResumen
Malaysia's financial services and manufacturing sectors form the core of the nation's economy, with both industries rapidly digitising. The business operations to manufacturing plants expand into cyberspace, where they become intertwined with digital frameworks. Consequently, cyber risk no longer resembles isolated information technology (IT) issue but pose significant challenges to fundamental business activities. Therefore, cybersecurity becomes crucial in an organization's risk management framework to protect the assets and operations. This study examines how firms in the financial and manufacturing sectors conceptualise, govern and operationalise cyber resilience, paying particular attention to how sector-specific regulatory environments influence differences in maturity levels among these industries. A qualitative document analysis of Annual and Sustainability Reports from listed companies is utilized. The researcher reads and codes these firms' descriptions of technology, cybersecurity and resilience and subsequently interpret those descriptions through a socio‑technical analysis based on a three‑layered framework. The findings reveal a contrast between the two sectors. The financial institutions highlight cyber risk as a business priority and guided by Bank Negara Malaysia's Risk Management in Technology (RMiT) policy. Meanwhile, manufacturing firms has no sector-specific regulation and frequently discuss their futuristic and high-tech upgrade plans, but say little about the cyber resilience of these ventures. This research suggests that sector-specific regulation is a primary driver for the consistent formalisation of cyber risk narratives in finance and indicates areas for boards, regulators and policymakers to explore as these risks extend into cyber-physical manufacturing scenarios.
Citas
Al‐Shaer, H., Albitar, K., & Hussainey, K. (2021). Creating sustainability reports that matter: an investigation of factors behind the narratives. https://doi.org/10.1108/jaar-05-2021-0136
Ayodele, O. F., & Adelaja, A. O. (2024). Advancing Cybersecurity Governance: Adaptive Resilience and Strategic Third-Party Risk Management in Financial Services. World Journal of Advanced Research and Reviews, 24(2), 293–302. https://doi.org/10.30574/wjarr.2024.24.2.3312
Beattie, V., McInnes, B., & Fearnley, S. (2004). A methodology for analysing and evaluating narratives in annual reports: a comprehensive descriptive profile and metrics for disclosure quality attributes. https://doi.org/10.1016/j.accfor.2004.07.001
Biró, G. (2025). Cybersecurity and financial stability:Interconnections, risks and regulatory approaches. https://doi.org/10.33908/ef.2025.3.1
Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77–101.
Burrell, D. N., & Nobles, C. (2022). Discovering the Emergence of Technical Sociology in Human Capital Systems and Technology-Driven Organizations. International Journal of Human Capital and Information Technology Professionals, 13(1), 1–15. https://doi.org/10.4018/ijhcitp.300324
Byrne, D. (2021). A worked example of Braun and Clarke’s approach to reflexive thematic analysis. https://doi.org/10.1007/S11135-021-01182-Y
Campbell, S., Greenwood, M., Prior, S., Shearer, T., Walkem, K., Young, S., Bywaters, D., & Walker, K. (2020). Purposive sampling: complex or simple? Research case examples. https://doi.org/10.1177/1744987120927206
Carrillo, E. F. P. (2023). Cybersecurity in European Financial Institutions: New Grounds for Corporate Governance Reform. European Business Law Review, 34(Issue 7), 1133–1166. https://doi.org/10.54648/eulr2023052
Cavelty, M. D., Eriksen, C., & Scharte, B. (2023). Making cyber security more resilient: adding social considerations to technological fixes. https://doi.org/10.1080/13669877.2023.2208146
Cora, H., & Mikail, E. H. (2026). CYBERSECURITY, SOVEREIGNTY, AND INTERNATIONAL LAW: NORMATIVE CHALLENGES IN THE DIGITAL AGE. Veredas Do Direito, 23, e234381. https://doi.org/10.18623/rvd.v23.4381
Dupont, B. (2019). The cyber-resilience of financial institutions: significance and appli cability. Journal of Cybersecurity, 5(1). https://doi.org/10.1093/cybsec/tyz013
El-Breshy, S., Elhabashy, A. E., Fors, H., & Harfoush, A. (2024). Resiliency of manufacturing systems in the Industry 4.0 era – a systematic literature review. Journal of Manufacturing Technology Management, 35(4), 624–654. https://doi.org/10.1108/jmtm-04-2022-0171
Fairburn, N., Shelton, A., Ackroyd, F., & Selfe, R. (2021). Beyond Murphys Law: Applying Wider Human Factors Behavioural Science Approaches in Cyber-Security Resilience. In Lecture Notes in Computer Science (pp. 123–138). Springer International Publishing. https://doi.org/10.1007/978-3-030-77392-2_9
Ghobakhloo, M., Iranmanesh, M., Foroughi, B., Tseng, M.-L., Nikbin, D., & Khanfar, A. A. A. (2023). Industry 4.0 digital transformation and opportunities for supply chain resilience: a comprehensive review and a strategic roadmap. Production Planning & Control, 36(1), 61–91. https://doi.org/10.1080/09537287.2023.2252376
Hasnan, S. (2023). Impacts of Information technology and Risk Management on Cybersecurity Governance: Empirical Study on Malaysian Financial Institutions. Economic Affairs, 68(3). https://doi.org/10.46852/0424-2513.3.2023.17
Heikkila, M., Rattya, A., Pieska, S., & Jamsa, J. (2016, December). Security challenges in small- and medium-sized manufacturing enterprises. 2016 International Symposium on Small-Scale Intelligent Manufacturing Systems (SIMS). https://doi.org/10.1109/sims.2016.7802895
Jeong, J., Mihelcic, J., Oliver, G., & Rudolph, C. (2019). Towards an Improved Understanding of Human Factors in Cybersecurity. 2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC), 338–345. https://doi.org/10.1109/cic48465.2019.00047
Junior, C. R., Becker, I., & Johnson, S. (2023). Unaware, Unfunded and Uneducated: A Systematic Review of SME Cybersecurity. ArXiv.Org. https://doi.org/10.48550/ARXIV.2309.17186
Leo, M. (2020). Operational Resilience Disclosures by Banks: Analysis of Annual Reports. https://doi.org/10.3390/risks8040128
Ling, Y., Hamid, N. A. A., & Chuan, L. (2020). Is Malaysia ready for Industry 4.0? Issues and Challenges in Manufacturing Industry. https://doi.org/10.30880/ijie.2020.12.07.016
Ludin, E., Mohd, M., & Fauzi, F. (2025). Enhancing Cybersecurity Programs in Small and Medium Enterprises (SMEs): A Systematic Literature Review. https://doi.org/10.14569/ijacsa.2025.0160943
Mahdy, E. M. (2026). INSURANCE AGAINST CYBER RISKS: COMPARATIVE STUDY. Veredas Do Direito, 23(3), e234297. https://doi.org/10.18623/rvd.v23.n3.4297
Malatji, M., Solms, S. V, & Marnewick, A. (2019). Socio-technical systems cybersecurity framework. https://doi.org/10.1108/ICS-03-2018-0031
Nicolò, G., Zanellato, G., Tiron‐Tudor, A., & Polcini, P. T. (2022). Revealing the corporate contribution to sustainable development goals through integrated reporting: a worldwide perspective. https://doi.org/10.1108/srj-09-2021-0373
Nyimbili, F., & Nyimbili, L. (2024). Types of Purposive Sampling Techniques with Their Examples and Application in Qualitative Research Studies. https://doi.org/10.37745/bjmas.2022.0419
Palinkas, L., Horwitz, S., Green, C. A., Wisdom, J., Duan, N., & Hoagwood, K. (2015). Purposeful Sampling for Qualitative Data Collection and Analysis in Mixed Method Implementation Research. https://doi.org/10.1007/s10488-013-0528-y
Pasmore, W., Francis, C., Haldeman, J., & Shani, A. (1982). Sociotechnical Systems: A North American Reflection on Empirical Studies of the Seventies. https://doi.org/10.1177/001872678203501207
Pollini, A., Callari, T., Tedeschi, A., Ruscio, D., Save, L., Chiarugi, F., & Guerri, D. (2021). Leveraging human factors in cybersecurity: an integrated methodological approach. https://doi.org/10.1007/s10111-021-00683-y
Ribeiro, D., Almeida, A., Azevedo, A., & Ferreira, F. (2021). Resilience in Industry 4.0 Digital Infrastructures and Platforms. In Advances in Transdisciplinary Engineering. IOS Press. https://doi.org/10.3233/atde210067
Subbarao, A., & Zéghal, D. (1997). Human Resources Information Disclosure in Annual Reports: An International Comparison. https://doi.org/10.1108/EB029039
Tope Oladele Jooda, Adeyemo Taiwo Samson, & Adeyemi Adewunmi Olalemi. (2023). Strengthening cyber resilience in financial institutions: A strategic approach to threat mitigation and risk management. World Journal of Advanced Research and Reviews, 20(3), 2217–2247. https://doi.org/10.30574/wjarr.2023.20.3.2460
Walker, G., Stanton, N., Salmon, P., & Jenkins, D. (2008). A review of sociotechnical systems theory: a classic concept for new command and control paradigms. https://doi.org/10.1080/14639220701635470
Wallang, M., Shariffuddin, M., & Mokhtar, M. (2022). CYBER SECURITY IN SMALL AND MEDIUM ENTERPRISES (SMEs). https://doi.org/10.32890/jgd2022.18.1.5
Wong, A., & Kee, D. (2022). Driving Factors of Industry 4.0 Readiness among Manufacturing SMEs in Malaysia. https://doi.org/10.3390/info13120552
Descargas
Publicado
Cómo citar
Número
Sección
Licencia
I (we) submit this article which is original and unpublished, of my (our) own authorship, to the evaluation of the Veredas do Direito Journal, and agree that the related copyrights will become exclusive property of the Journal, being prohibited any partial or total copy in any other part or other printed or online communication vehicle dissociated from the Veredas do Direito Journal, without the necessary and prior authorization that should be requested in writing to Editor in Chief. I (we) also declare that there is no conflict of interest between the articles theme, the author (s) and enterprises, institutions or individuals.
I (we) recognize that the Veredas do Direito Journal is licensed under a CREATIVE COMMONS LICENSE.
Licença Creative Commons Attribution 3.0
