STRICTER penalties should be imposed on organisations that neglect to put in place a secure network system in their work environment.

This will make the relevant parties more committed and serious about protecting their computer networks, which otherwise would not only expose their systems to such elements as hacking but also other organisations' networks that they come into contact with, according to industry observers.

The National ICT Security Emergency Response Centre (Niser) said the absence of laws has contributed to the somewhat lax attitude among many organisations with regard to taking measures to secure their network systems.

Based on Niser's observation, the banking and finance sector seems to be taking the lead in cybersecurity efforts, largely due to the advent of Internet banking and online transactions, which depend a great deal on 24x7 availability.

"Based on this, I believe it's high time that some form of law be put in place to make it mandatory for enterprises to secure their network systems," said Niser's MyCert manager Solahuddin Shamsuddin.

Trans Niaga Sdn Bhd's senior manager Kho Han Yao agreed that it is important for organisations, especially top management, to be more committed in getting themselves equipped with updated e-security knowledge and technologies.

"This is because IT (information technology) is now commonly applied across industries to improve competitive edge and operational efficiency," he said. "Within some tech-savvy organisations, information security is already a core component of the overall technology and business strategy."

Kho said resource allocation for planning and deploying information security measures remains low for some local organisations. "We must begin to recognise the fact that hacking attacks are real, and new threats are evolving at a rate faster than ever before, hence our efforts to protect our computer networks must be on a continuous basis."

He said organisations must be responsible in protecting the integrity and privacy of information entrusted to them, failing which they must be penalised. "Laws and penalties should be carefully drafted, but more importantly, they must be firmly enforced," he added.

A.J. Surin, Global Cyberlaw Institute's director and Azmi & Associates' head of multimedia, technology and Internet protocol practice group, is also of the view that only a handful of organisations are taking adequate steps to ensure their information network systems are secure, mainly because of the cost issue.

Generally, the banking industry is the most aggressive in taking cybersecurity efforts compared to other industries, he added.

"To encourage other industries to take serious measures as well, I think the Government should study carefully the need for relevant laws on cybersecurity," he said.