Digital transformation in Malaysia has entered a new phase: less about bold roadmaps, more about fixing what’s broken. With the digital economy expected to reach 25.5% of GDP by 2025, the challenge now is turning strategy into results. Leaders aren’t chasing the next big thing – they are focused on integration bottlenecks, talent gaps, and showing real ROI.
The technology isn’t the problem; it’s making it stick. AI, cloud, and data platforms only deliver value when backed by the right systems, skills, and governance. From aviation to agriculture, organisations are being forced to rethink how they work, how they hire, and how they measure success.
Through a series of interviews and roundtable conversations with Malaysian business and tech leaders, Ecosystm heard firsthand what’s driving – and holding back – digital progress. These weren’t polished success stories, but honest reflections on what it really takes to move forward. The five themes below highlight where Malaysia’s transformation is gaining ground, where it’s getting stuck, and what’s needed to close the gap between ambition and execution.
Theme 1. Ecosystem Collaboration Is Driving Malaysia’s Digital Momentum
Malaysia’s digital transformation is being shaped not by individual breakthroughs, but by coordinated momentum across government, industry, and technology providers. This ecosystem-first approach is turning national ambitions into tangible outcomes. Flagship initiatives like JENDELA, Digital Nasional Berhad’s 5G rollout, and cross-agency digital infrastructure programs are laying the groundwork for smarter public services, connected industries, and inclusive digital access.
The Ministry of Digital (MyDigital) is taking a central role in aligning AI, 5G, and cybersecurity efforts under one roof – helping speed up policy execution and improve coordination between regulators and the private sector. Major tech players like Microsoft, Google, Nvidia, and AWS are responding with expanded investments in local cloud regions, chip design collaborations, and foundational AI services designed for Malaysian deployment environments.
What’s emerging is not just a policy roadmap, but a digitally integrated economy – where infrastructure rollouts, vendor innovation, and government leadership are advancing together. As Malaysia targets to create 500,000 new jobs and reach over 80% 5G population coverage, the strength of these partnerships will be critical in ensuring national strategies translate into sector-level execution.
Theme 2. Laying the Groundwork for Malaysia’s AI Economy
With over 90% of online content projected to be AI-generated by 2025, Malaysia faces growing urgency to ensure that the systems powering AI development are secure, interoperable, and locally relevant. This is about more than data sovereignty – it’s about building the infrastructure to support scalable, trusted, and sector-wide AI adoption.
The National AI Office (NAIO), under MyDigital, is leading efforts to align infrastructure with national priorities across healthcare, manufacturing, agriculture, and public services. Initiatives include supporting domestic data centres, enabling cross-sector cloud access, and establishing governance frameworks for responsible AI use.
The priority is no longer just adopting AI tools, but enabling Malaysia to develop, fine-tune, and deploy them on infrastructure that reflects local needs. Control over this ecosystem will shape how AI delivers value — from national security to inclusive fintech. To support this, Budget 2025 allocates USD 11.7 million for AI education and USD 4.2 million for the National AI Framework. Programs like AI Sandboxes, alongside emerging public-private partnerships, are helping bridge gaps in talent and tooling.
Together, these efforts are laying the foundation for an AI economy that is scalable, trusted, and anchored in Malaysia’s long-term digital ambitions.
Theme 3. Malaysia’s Enterprise AI Landscape: Still in Its Early Stages
Malaysian enterprises are actively exploring AI to drive competitiveness, but widespread, production-grade adoption remains limited. While leading banks are leveraging AI for fraud detection and digital onboarding, and manufacturers are exploring predictive maintenance and automation, many companies face barriers in scaling beyond pilots. Core challenges include siloed data systems, unclear return on investment, and limited in-house AI talent. Even when tools are available, businesses often lack the capacity to integrate them meaningfully into workflows.
Cost is another concern. AI implementation, especially when reliant on third-party platforms or cloud infrastructure, can be prohibitively expensive for mid-sized firms. Without a clear link to bottom-line improvement, AI investments are frequently deprioritised. There’s also lingering uncertainty around governance and compliance, which can further slow enterprise momentum.
For AI to scale across Malaysia, enterprise strategies must align with operational realities – offering cost-effective, localised solutions that deliver measurable value and inspire long-term confidence in digital transformation.
Theme 4. Building on Regulation to Achieve True Cyber Resilience
Malaysia is ramping up its cybersecurity strategy with a stronger regulatory backbone and ecosystem-wide initiatives. The upcoming Cyber Security Bill introduces mandatory breach notifications, sector-specific controls, and licensing for Managed Security Operations Centres (SOCs). Agencies like NACSA are driving protections across 11 critical sectors, while the Cybersecurity Centre of Excellence (CCoE) in Cyberjaya is scaling SOC analyst training in partnership with international players. These efforts are complemented by Malaysia’s leadership role in IMPACT, the UN’s cybersecurity hub, and participation in ASEAN-wide resilience initiatives.
Despite this progress, enterprise readiness remains inconsistent. Malaysian businesses faced an average of 74,000 cyberattacks per day in 2023, yet many still rely on outdated playbooks and fragmented systems. Cybersecurity is often viewed through a compliance lens – meeting audit requirements rather than preparing for real-time recovery. Investments are still skewed toward perimeter defences, while response protocols, cross-team coordination, and real-time observability are underdeveloped.
True resilience requires a shift in mindset: cybersecurity must be treated as a board-level business function. It must be operationalised through simulations, automated response frameworks, and enterprise-wide drills. In a threat landscape that is both persistent and sophisticated, Malaysia must evolve from regulatory compliance to strategic continuity – where recovery speed, not just prevention, becomes the defining metric of cyber maturity.
Theme 5. Malaysia’s Digital Transformation Is Being Led by Industry, Not Policy
While national strategies like the New Industrial Master Plan 2030 set out broad ambitions, real AI-led transformation in Malaysia is taking shape from the ground up, driven by industrial leaders tackling operational challenges with data. Manufacturing and Energy firms, which together contribute over 30% of Malaysia’s GDP, are ahead of the curve. Leaders are using AI for predictive maintenance, digital twins, logistics optimisation, and emissions tracking, often outpacing regulatory requirements.
In some cases, cloud platforms now process millions of machine data points daily to reduce downtime and lower costs at scale. What sets these firms apart is their focus on well-integrated, usable data. Rather than running isolated pilots, they’re building interoperable systems with shared telemetry, open APIs, and embedded analytics, with a focus on enabling AI that adapts in real time.
Malaysia’s next leap in transformation will hinge on whether the data discipline seen in leading industries can be replicated across less-digitised sectors.
If we consider Agriculture – still contributing 7-8% of GDP and employing nearly 10% of the workforce – we find that it remains digitally fragmented. While drones and IoT devices are collecting NDVI and soil data, much of it remains siloed or underutilised. Without clean data pipelines or national integration standards, AI struggles to move from demonstration to deployment.
A Moment to Redefine Ambition
Malaysia stands at a point where digital ambition must evolve into digital maturity. This means asking harder questions – not about what can be built, but what should be prioritised, sustained, and scaled. As capabilities deepen, the challenge is no longer innovation for its own sake, but ensuring technology serves long-term national resilience, equity, and competitiveness. The decisions made now will shape not just digital progress – but the kind of economy and society Malaysia becomes in the decade ahead.
Ecosystm and Bitstamp, conducted an invitation-only Executive ThinkTank at the Point Zero Forum in Zurich. A select group of regulators and senior leaders from financial institutions from across the globe came together to share their insights and experiences on Decentralised Finance (DeFi), innovations in the industry, and the outlook for the future.
Here are the 5 key takeaways from the ThinkTank.
- Regulators: Perception vs. Reality. Regulators are generally perceived as having a bias against innovations in the Financial Services industry. In reality, they want to encourage innovation, and the industry players welcome these regulations as guardrails against unscrupulous practices.
- Institutional Players’ Interest in DeFi. Many institutional players are interested in DeFi to enable the smooth running of processes and products and to reduce costs. It is being evaluated in areas such as lending, borrowing, and insurance.
- Evolving Traditional Regulations. In a DeFi world, participants and actors are connected by technology. Hence, setting the framework and imposing good practices when building projects will be critical. Regulations need to find the right balance between flexibility and rigidity.
- The Importance of a Digital Asset Listing Framework. There has been a long debate on who should be the gatekeeper of digital asset listings. From a regulator’s perspective, the liability of projects needs to shift from the consumer to the project and the gatekeeper.
- A Simplified Disclosure Document. Major players are willing to work with regulators to develop a simple disclosure document that describes the project for end-users or investors.
Read below to find out more.
Download Pathways for Aligning Innovation and Regulation in a DeFi World as a PDF
Ecosystm supported by their partner EY, conducted an invitation-only Executive ThinkTank at the Point Zero Forum in Zurich. A select group of regulators, investors, technology providers, and senior leaders from financial institutions from across the globe came together to share their insights and experiences on the practicability, regulatory support, and implications of sustainable finance portfolios.
Here are some of the key takeaways from the ThinkTank.
- The Barriers to a Sustainable Future. The first step towards a sustainable future is recognising the challenges organisations face when pursuing Net Zero targets. Often, Net Zero targets are looked upon as additional costs.
- Overcoming the Challenges. It is important to connect Net Zero back to business goals, given that there might be sudden shifts in regulations and because of the emergence of environment-conscious consumers.
- A Sustainable Future Requires a Collaborative Approach. Global governments, regulators, Financial Services institutions, other enterprises, and technology providers need to collaborate on building a sustainable future.
- A Time for Simplification. Clear mandates on reporting climate aspects similar to how financial aspects are reported, will result in greater adoption of sustainability and ESG measures.
- The Role of Digital Architecture. The path to a Net Zero, decarbonised world will be technology-led.
Read below to find out more.
Download Risks and Opportunities of Net Zero Commitments and Decarbonisation Pathways as a PDF
It’s been a while since I lived in Zurich. It was about this time of year when I first visited the city that I instantly fell in love with. Beautiful blue skies and if you’re lucky enough, you can see the snow-capped mountains from Lake Zurich. It’s hard not to be instantly drawn to this small city of approximately 1.4 million people, which punches well above its weight class. One out of every eleven jobs in Switzerland is in Zurich. The financial sector generates around a quarter of the city’s economic output and provides approximately 59,000 full time equivalent jobs – accounting for 16% of all employment in the city.
Between 21-23 June, Zurich will also be home to the Point Zero Forum – an exclusive invite-only, in-person gathering of select global leaders, founders and investors with the purpose of developing new ideas on emerging concepts such as decentralised finance (DeFi), Web 3.0, embedded finance and sustainable finance; driving investment activity; and bringing together public and private sector leaders to brainstorm on regulatory requirements.
The Future of DeFi
Zug is a little canton outside of Zurich and is famously known as “Crypto Valley”. When I lived in Zurich, Zug was the home of many of the country’s leading hedge funds as Zug’s low tax, business friendly environment and fantastic quality of life attracted many of the world’s leading fund managers and companies. Today the same can be said about crypto companies setting up shop in Zug. And crypto ecosystems are expanding exponentially.
However, with the increase in the global adoption of cryptocurrency, what role will the regulators play in aligning regulation without stifling innovation? How can Crypto Valley and Singapore play a role in defining the role regulation will play in a DeFi world?
DeFi is moving fast and we are seeing an explosion of new ideas and positive outcomes. So, what can we expect from all of this? Well, that is what I will discuss with a group of regulators and industry players in a round table discussion on How an Adaptive and Centralised Regulatory Approach can Shape a Protected Future of Finance at the Point Zero Forum. We will explore the role of regulators in a fast-moving industry that has recently seen some horror stories and how industry participants are willing to work with regulators to meet in the middle to build an exciting and sometimes unpredictable future. How do we regulate something in the future? I am personally looking forward to the knowledge sharing.
For the industry to strive and innovate, we need both regulators and industry players to work together and agree to a working framework that helps deliver innovation and growth by creating new technology and jobs. But we also need to keep an eye out on the increasing number of scams in the industry. It is true to say that we have seen our fair share of them in recent months. The total collapse of TerraUSD and Luna and the collapse of the wider crypto market that saw an estimated loss of USD 500 billion has really spooked global markets.
So is cryptocurrency here for good and will it be widely adopted globally? How will regulators see the recent collapse of Luna and view regulations moving forward? We have reached an interesting point with cryptocurrencies and digital assets in general. Is it time to reflect on the current market or should we push forward and try to find a workable middle ground?
Let’s find out. Watch this space for my follow-up post after the Point Zero Forum event!
In this Insight, guest author Anupam Verma talks about the technology-led evolution of the Banking industry in India and offers Cloud Service Providers guidance on how to partner with banks and financial institutions. “It is well understood that the banks that were early adopters of cloud have clearly gained market share during COVID-19. Banks are keen to adopt cloud but need a partnership approach balancing innovation with risk management so that it is ‘not one step forward and two steps back’ for them.”
India has been witnessing a digital revolution. Rapidly rising mobile and internet penetration has created an estimated 1 billion mobile users and more than 600 million internet users. It has been reported that 99% of India’s adult population now has a digital identity in the form of Aadhar and a large proportion of the adult Indians have a bank account.
Indians are adapting to consume multiple services on the smartphone and are demanding the same from their financial services providers. COVID-19 has accelerated this digital trend beyond imagination and is transforming India from a data-poor to a data-rich nation. This data from various alternate sources coupled with traditional sources is the inflection point to the road to financial inclusion. Strong digital infrastructure and digital footprints will create a world of opportunities for incumbent banks, non-banks as well as new-age fintechs.
The Cloud Imperative for Banks
Banks today have an urgent need to stay relevant in the era of digitally savvy customers and rising fintechs. This journey for banks to survive and thrive will put Data Analytics and Cloud at the front and centre of their digital transformation.
A couple of years ago, banks viewed cloud as an outsourcing infrastructure to improve the cost curve. Today, banks are convinced that cloud provides many more advantages (Figure 1).
Banks are also increasingly partnering with fintechs for applications such as KYC, UI/UX and customer service. Fintechs are cloud-native and understand that cloud provides exponential innovation, speed to market, scalability, resilience, a better cost curve and security. They understand their business will not exist or reach scale if not for cloud. These bank-fintech partnerships are also making banks understand the cloud imperative.
Traditionally, banks in India have had concerns around data privacy and data sovereignty. There are also risks around migrating legacy systems, which are made of monolithic applications and do not have a service-oriented architecture. As a result, banks are now working on complete re-architecture of the core legacy systems. Banks are creating web services on top of legacy systems, which can talk to the new technologies. New applications being built are cloud ready. In fact, many applications may not connect to the core legacy systems. They are exploring moving customer interfaces, CRM applications and internal workflows to the cloud. Still early days, but banks are using cloud analytics for marketing campaigns, risk modelling and regulatory reporting.
The remote working world is irreversible, and banks also understand that cloud will form the backbone for internal communication, virtual desktops, and virtual collaboration.
Strategy for Cloud Service Providers (CSPs)
It is estimated that India’s public cloud services market is likely to become the largest market in the Asia Pacific behind only China, Australia, and Japan. Ecosystm research shows that 70% of banking organisations in India are looking to increase their cloud spending. Whichever way one looks at it, cloud is likely to remain a large and growing market. The Financial Services industry will be one of the prominent segments and should remain a focus for cloud service providers (CSPs).
I believe CSPs targeting India’s Banking industry should bucket their strategy under four key themes:
- Partnering to Innovate and co-create solutions. CSPs must work with each business within the bank and re-imagine customer journeys and process workflow. This would mean banking domain experts and engineering teams of CSPs working with relevant teams within the bank. For some customer journeys, the teams have to go back to first principles and start from scratch i.e the financial need of the customer and how it is being re-imagined and fulfilled in a digital world.
CSPs should also continue to engage with all ecosystem partners of banks to co-create cloud-native solutions. These partners could range from fintechs to vendors for HR, Finance, business reporting, regulatory reporting, data providers (which feeds into analytics engine).
CSPs should partner with banks for experimentation by providing test environments. Some of the themes that are critical for banks right now are CRM, workspace virtualisation and collaboration tools. CSPs could leverage these themes to open the doors. API banking is another area for co-creating solutions. Core systems cannot be ‘lifted & shifted’ to the cloud. That would be the last mile in the digital transformation journey. - Partnering to mitigate ‘fear of the unknown’. As in the case of any key strategic shift, the tone of the executive management is important. A lot of engagement is required with the entire senior management team to build the ‘trust quotient’ of cloud. Understanding the benefits, risks, controls and the concept of ‘shared responsibility’ is important. I am an AWS Certified Cloud Practitioner and I realise how granular the security in the cloud can be (which is the responsibility of the bank and not of the CSP). This knowledge gap can be massive for smaller banks due to the non-availability of talent. If security in the cloud is not managed well, there is an immense risk to the banks.
- Partnering for Risk Mitigation. Regulators will expect banks to treat CSPs like any other outsourcing service providers. CSPs should work with banks to create robust cloud governance frameworks for mitigating cloud-related risks such as resiliency, cybersecurity etc. Adequate communication is required to showcase the controls around data privacy (data at rest and transit), data sovereignty, geographic diversity of Availability Zones (to mitigate risks around natural calamities like floods) and Disaster Recovery (DR) site.
- Partnering with Regulators. Building regulatory comfort is an equally important factor for the pace and extent of technology adoption in Financial Services. The regulators expect the banks to have a governance framework, detailed policies and operating guidelines covering assessment, contractual consideration, audit, inspection, change management, cybersecurity, exit plan etc. While partnering with regulators on creating the framework is important, it is equally important to demonstrate that banks have the skill sets to run the cloud and manage the risks. Engagement should also be linked to specific use cases which allow banks to effectively compete with fintech’s in the digital world (and expand financial access) and use cases for risk mitigation and fraud management. This would meet the regulator’s dual objective of market development as well as market stability.
Financial Services is a large and growing market for CSPs. Fintechs are cloud-native and certain sectors in the industry (like non-banks and insurance companies) have made progress in cloud adoption. It is well understood that the banks that were early adopters of cloud have clearly gained market share during COVID-19. Banks are keen to adopt cloud but need a partnership approach balancing innovation with risk management so that it is ‘not one step forward and two steps back’ for them.
The views and opinions mentioned in the article are personal.
Anupam Verma is part of the Leadership team at ICICI Bank and his responsibilities have included leading the Bank’s strategy in South East Asia to play a significant role in capturing Investment, NRI remittance, and trade flows between SEA and India.
