In an era where digital transformation defines economic competitiveness and public service delivery, cybersecurity has evolved from a technical concern to a strategic imperative for governance.
For Sarawak, a state aggressively pursuing its vision to become a leading digital economy and society by 2030, the readiness of government departments and agencies to withstand cyber threats is foundational to sustainable progress.
Recognising this, the Sarawak state government, through the Sarawak Multimedia Authority, has institutionalised a comprehensive cybersecurity framework under the CyberSarawak initiative, launched on 16 October 2024, during the International Digital Economy Conference Sarawak 2024 in Kuching.
Bearing the motto “Stay Safe, Stay Smart, Stay Secure,” CyberSarawak represents a deliberate, whole-of-government approach to fortifying Sarawak’s public sector digital infrastructure while cultivating a culture of cyber vigilance across all levels of administration.
Cybersecurity is explicitly positioned as a key enabler within two pivotal state policy documents: the Sarawak Post COVID-19 Development Strategy 2030 and the Sarawak Digital Economy Blueprint 2030.
These frameworks articulate that digital transformation cannot proceed without robust safeguards for data integrity, system availability, and public trust.
To operationalise this mandate, the Sarawak government established a dedicated Cyber Security Unit under the Sarawak Multimedia Authority in 2023, tasked with driving coordinated cybersecurity initiatives across state agencies.
This institutional anchoring ensures that cybersecurity considerations are embedded in digitalisation projects from inception, rather than treated as an afterthought.
The launch of CyberSarawak marked a significant escalation in this commitment, officiated by Sarawak Premier Datuk Patinggi Tan Sri (Dr) Abang Haji Abdul Rahman Zohari bin Tun Datuk Abang Haji Openg, underscoring that protecting digital assets is inseparable from enabling inclusive economic participation.
During his keynote address at the conference, Premier Datuk Patinggi Tan Sr (Dr) Abang Haji Abdul Rahman Zohari emphasised the critical link between data governance and emerging technologies, stating that “Above all these Artificial Intelligence (AI) initiatives, the essence of AI is data; without it, AI cannot function effectively. The Sarawak government is embracing this reality by building a robust data ecosystem… We are driving initiatives such as the Sarawak Integrated Operation Centre (SIOC) and the Open Data platform.”
This statement signals that cybersecurity readiness is not merely defensive but a proactive enabler of innovation, ensuring that Sarawak’s investments in AI, big data, and smart services rest upon a trusted digital foundation.
CyberSarawak’s operational architecture is structured around three interconnected pillars known as the 3S Programme, each designed to address distinct dimensions of institutional cybersecurity resilience while prioritising government agencies as both primary beneficiaries and active participants in strengthening Sarawak’s collective cyber posture.
The Stay Secure pillar is explicitly dedicated to evaluating and enhancing the cybersecurity posture of Critical Information Infrastructure, which encompasses state government departments, statutory bodies, and Government-linked Corporations responsible for delivering essential public services.
Under this initiative, the Sarawak Multimedia Authority has conducted comprehensive cybersecurity assessments of forty-seven agencies to date, systematically identifying vulnerabilities in network architecture, access controls, incident response protocols, and data protection measures.
These assessments are not merely compliance exercises; they generate actionable roadmaps for remediation, capacity building, and continuous monitoring.
The methodology aligns with international standards while accommodating Sarawak’s unique operational context, with agencies undergoing structured evaluations covering risk identification and threat modelling specific to public sector service delivery, technical security controls including endpoint protection and encryption, governance frameworks for policy enforcement and accountability, and incident response preparedness including tabletop exercises and communication protocols.
Findings from these assessments inform the development of tailored guidelines and technical support, with the Authority establishing its own guidelines to enhance cybersecurity for both government and public sectors, with particular focus on safeguarding critical infrastructure such as public utilities and energy systems.
This bespoke approach ensures that recommendations are practical, scalable, and aligned with the resource realities of Sarawak’s diverse agencies.
Collaboration is central to implementation, with the Authority working closely with Sarawak Information Systems Sdn. Bhd., the state’s primary ICT service provider, to translate assessment findings into technical upgrades and managed security services.
Additionally, the Sarawak Civil Service Digitalisation Unit plays a pivotal coordination role, ensuring that cybersecurity requirements are integrated into broader digital transformation projects across the civil service, preventing siloed efforts and promoting consistent security standards throughout the government ecosystem.
While technical controls are essential, human factors remain a predominant vulnerability in cybersecurity, which the Stay Smart pillar addresses by prioritising education and awareness with a specific focus on equipping civil servants with practical knowledge to recognise and mitigate cyber threats.
Recognising that government employees are frequent targets of phishing, social engineering, and credential-based attacks, this programme moves beyond generic training to deliver role-specific, context-aware cybersecurity education.
A flagship component is the Train-the-Trainer Ambassador Programme, which has successfully trained sixty-five ambassadors drawn from libraries, local councils, and civil society organisations to conduct cyber awareness sessions within their professional networks.
Within government agencies, this model is adapted to create internal cybersecurity champions, staff members trained to disseminate best practices, answer peer queries, and reinforce security protocols in day-to-day operations.
Topics covered include identifying sophisticated phishing attempts targeting government credentials, secure handling of sensitive citizen data in compliance with data protection principles, safe use of mobile devices and remote access tools in hybrid work environments, and reporting procedures for suspected security incidents.
To scale impact, the Sarawak Multimedia Authority has organised targeted workshops for agency leadership and technical staff, including a “Securing Sarawak’s Digital Future: A Cyber Security Workshop for Leaders” in July 2024 that engaged representatives from twenty-four agencies involved in critical infrastructure, fostering strategic dialogue on risk ownership and resource allocation.
Subsequent facilitated workshops in August 2024 brought together forty-two government agencies to complete detailed cybersecurity surveys, establishing baseline metrics for measuring progress.
These sessions, conducted in collaboration with the Sarawak Civil Service Digitalisation Unit and Sarawak Information Systems, ensure that agency representatives actively contribute to shaping Sarawak’s cybersecurity roadmap rather than passively receiving directives.
The Stay Safe pillar establishes a centralised mechanism for reporting and responding to cybersecurity incidents, reducing fragmentation and accelerating containment.
For government agencies, this translates to a dedicated help desk and reporting portal that simplifies the process of documenting breaches, accessing expert guidance, and coordinating with technical response teams.
By providing a clear, accessible channel, the initiative addresses a common barrier: uncertainty about whom to contact during a cyber incident.
This centralised approach yields dual benefits, first minimising downtime and data loss for affected agencies by ensuring rapid escalation to appropriate resources, and second, generating valuable threat intelligence through aggregated incident data that enables the Authority to identify emerging attack patterns, prioritise defensive investments, and issue proactive advisories to the wider government community.
The portal also facilitates compliance with the Cyber Security Act 2024, which mandates reporting obligations for critical infrastructure operators.
By aligning CyberSarawak’s reporting framework with federal requirements, Sarawak ensures its agencies meet national standards while benefiting from state-level contextual support.
Sarawak’s approach to government agency cybersecurity readiness is distinguished by several enabling mechanisms that promote sustainability and adaptability.
The Cyber Security Unit under the Sarawak Multimedia Authority serves as the operational nerve centre, providing strategic direction, technical expertise, and programme coordination through nine functional roles encompassing policy development, threat intelligence, capacity building, and stakeholder engagement, ensuring a holistic response to evolving threats.
CyberSarawak actively leverages collaborations beyond government, with partnerships with technology firms, academic institutions, and civil society organisations expanding the talent pool, fostering innovation in security solutions, and extending outreach to underserved communities.
Community events like the Cyber Security Awareness Run at Padang Merdeka in December 2024, which attracted approximately two thousand participants, demonstrate how public engagement reinforces institutional efforts.
While tailored to Sarawak’s context, CyberSarawak complements national initiatives such as the Cyber Security Act 2024 and guidelines from the National Cyber Security Agency, ensuring interoperability, facilitating resource sharing, and positioning Sarawak agencies to benefit from federal-level threat intelligence and capacity-building programmes.
The initiative incorporates mechanisms for continuous evaluation, with assessment findings, training feedback, and incident reporting data informing periodic reviews of strategies and tactics.
This adaptive management approach allows Sarawak to refine its cybersecurity posture in response to emerging threats and technological shifts.
As Sarawak advances toward its 2030 digital economy aspirations, the cybersecurity readiness of government agencies will remain a dynamic priority.
Planned expansions for CyberSarawak beyond 2025 include advanced threat intelligence sharing platforms enabling real-time collaboration among agencies, specialised certification programmes for government cybersecurity professionals, integration of artificial intelligence and machine learning tools to enhance threat detection and automated response, and sector-specific playbooks for high-risk domains such as healthcare, energy, and transportation.
These developments will be guided by ongoing dialogue with agency stakeholders, ensuring that initiatives remain relevant, practical, and impactful.
Crucially, the government recognises that cybersecurity is not a one-time project but a continuous journey requiring sustained investment, cultural change, and collective ownership.
Sarawak’s CyberSarawak initiative exemplifies a forward-looking, institutionally grounded approach to cybersecurity readiness.
By focusing explicitly on government departments and agencies through structured assessments under Stay Secure, targeted literacy programmes under Stay Smart, and streamlined response mechanisms under Stay Safe, the state is building a resilient foundation for its digital transformation.
Premier Datuk Patinggi Tan Sr (Dr) Abang Haji Abdul Rahman Zohari’s vision of a robust data ecosystem that enables ethical AI and inclusive innovation can only be realised if public sector digital systems are secure, trusted, and resilient.
The journey ahead demands vigilance, collaboration, and adaptability.
Yet, by embedding cybersecurity into the fabric of governance and empowering agencies with the tools, knowledge, and partnerships needed to thrive in a connected world, Sarawak is not only protecting its present digital assets but also securing the trust that will enable its future prosperity.
As cyber threats continue to evolve, Sarawak’s commitment to institutional readiness through CyberSarawak offers a replicable model for subnational governments worldwide seeking to balance openness with protection in the digital age.
References
Bernama. (2024, October 16). Abang Johari launches CyberSarawak. Bernama. https://bernama.com/en/news.php?id=2352457
CyberSarawak. (n.d.-a). About CyberSarawak: Overview. CyberSarawak Official Portal. https://www.cybersarawak.gov.my/web/about_us/overview/
CyberSarawak. (n.d.-b). Stay Secure Programme. CyberSarawak Official Portal. https://www.cybersarawak.gov.my/web/subpage/webpage_view/15
DayakDaily. (2024, October 16). SMA to launch CyberSarawak to strengthen State’s cybersecurity, drive digital innovation. DayakDaily. https://dayakdaily.com/sma-to-launch-cybersarawak-to-strengthen-states-cybersecurity-drive-digital-innovation/
Jabatan Premier Sarawak. (2024a, December 1). Community called on to support CyberSarawak in tackling cyber threats. https://premierdept.sarawak.gov.my/web/subpage/news_view/10029
Jabatan Premier Sarawak. (2024b, September 4). Workshop collaboration with SMA. https://premierdept.sarawak.gov.my/web/subpage/news_view/10922/SCSDU
National Cyber Security Agency. (n.d.). Cyber Security Act 2024 [Act 854]. https://www.nacsa.gov.my/
Sarawak Digital Economy Corporation. (2023). Sarawak Digital Economy Blueprint 2030. https://www.scope.net.my/wp-content/uploads/2023/11/SDE-Blueprint-2030-Book.pdf
Sarawak Multimedia Authority. (2024, July 15). SMA coming up with own guidelines to enhance cyber security. CyberSarawak Publications. https://www.cybersarawak.gov.my/web/publications/news_view/233
Sarawak Multimedia Authority. (n.d.-a). Cyber Security Unit. Sarawak Multimedia Authority. https://www.sma.gov.my
Sarawak Tribune. (2024, October 16). SMA to launch CyberSarawak initiative. Sarawak Tribune. https://www.sarawaktribune.com/sma-to-launch-cybersarawak-initiative/
The Borneo Post. (2025, December 4). Cybersecurity a shared responsibility across all agencies, says SWAK SS. The Borneo Post. https://www.theborneopost.com/2025/12/04/cybersecurity-a-shared-responsibility-across-all-agencies-says-swak-ss/
