The message isn’t new — but it’s getting louder.
From McKinsey & Company to Gartner, and even Stanford HAI, major reports have been pointing in the same direction: AI adoption is moving at full speed, while governance struggles to keep up. Now, fresh data from Trend Micro’s TrendAI division adds more weight to that growing concern.
Based on a global survey of 3,700 IT and business leaders across 23 countries, the findings reinforce a pattern that’s becoming hard to ignore — the real risk in AI isn’t just the technology itself, but the widening gap between how fast it’s being deployed and how well it’s being controlled.
And this is where Malaysia stands out.
Among all markets surveyed, Malaysia recorded the highest level of pressure to push AI forward, even when risks are involved. About 75% of local IT decision-makers said they feel pushed to approve potentially risky AI implementations — notably higher than the global average.
But while adoption speeds ahead, detection capability tells a different story. Malaysian organisations are only catching around 33–34% of malicious AI activity, slightly below global benchmarks.
Put those two realities together, and a clearer picture emerges.
Malaysia isn’t just embracing AI quickly — it’s doing so with less visibility into what could go wrong.
The AI Governance Gap Malaysia Can’t Afford to Ignore
When Tech Wire Asia raised this directly with Ryan Flores during a media briefing in Kuala Lumpur, the response was refreshingly blunt. The governance gap, he explained, isn’t unique to Malaysia — it’s a global issue. But what sets Malaysia apart is the intensity of pressure to move quickly.
That urgency is coming from the top. National initiatives like the AI Nation 2030 roadmap, the MY-AI Standards platform, and large-scale investments in data centres are all clear signals: Malaysia wants to be a serious AI player, fast. But when that ambition filters down into companies, speed often takes priority over caution.
Security isn’t ignored — it’s simply overruled by momentum.
The problem is that governance hasn’t kept up. Malaysia’s proposed AI Governance Bill is still some distance from becoming policy, and existing guidelines remain largely voluntary. In the meantime, companies are left to navigate risk on their own.
Flores’ advice reflects that reality: don’t wait.
“Organisations need to define their own policies… If everyone waits for regulation, problems are going to happen.”
It’s a rare moment where a vendor openly tells businesses to act independently — and in this case, it’s hard to argue otherwise.
Big Bets on AI — But Gaps in Readiness
There’s another contradiction buried in the data.
Malaysia isn’t just adopting AI quickly — it’s also one of the most optimistic markets when it comes to agentic AI, with 60% of decision-makers expecting it to significantly reshape cybersecurity. That’s well above the global average.
On paper, that sounds promising. In reality, it raises questions.
Because while expectations are high, detection capabilities are still lagging. Organisations are catching less malicious AI activity than the global average, which means the tools meant to defend systems aren’t yet keeping up with the threats.
When asked about this mismatch, Flores suggested that companies don’t need to solve everything at once. Governance and implementation, he said, can evolve side by side — start small, scale carefully, and align leadership around risk.
It’s logical advice. But it assumes something the data suggests is still missing: internal alignment.
A Disconnect Between Business and IT
One of the clearest gaps isn’t technical — it’s organisational.
Only a small portion of Malaysian business leaders have received formal AI training, while IT teams are significantly more prepared. The result is a divide where those approving AI adoption and those managing its risks aren’t operating on the same page.
Governance shows a similar pattern. IT teams are far more likely to have policies in place compared to business units, reinforcing the idea that responsibility is unevenly distributed.
Goh Chee Hoh summed it up simply: business leaders see AI as a tool to drive growth, while IT teams understand the complexity behind securing it.
Bridging that gap, he argued, requires elevating AI security beyond the IT department — making it a board-level priority rather than a technical afterthought.
Competitive, But Is It Enough?
From a regional perspective, Malaysia isn’t falling behind. With support from institutions like Bank Negara Malaysia and CyberSecurity Malaysia, the country has a relatively strong foundation compared to some of its Southeast Asian peers.
By that measure, Malaysia is competitive.
But competitiveness doesn’t necessarily equal readiness — especially when the threat landscape is evolving just as quickly as the technology itself.
What This Actually Means
None of this is entirely new. Reports from global firms have been repeating the same themes for years: AI adoption is outpacing governance, business and IT are misaligned, and more autonomous systems are arriving before organisations are fully prepared.
What Malaysia adds to that narrative is scale and urgency.
- Higher pressure to deploy AI
- Lower detection of AI-related threats
- Regulation still in progress
- Strong belief in AI’s potential
That combination creates a very specific kind of risk — one where ambition moves faster than control.
The Real Question
The issue is no longer whether a governance gap exists. That’s already clear.
The real question is who takes ownership of closing it — and whether they have enough authority to act before something forces the conversation.
Flores pointed to a practical starting point: focus on manageable use cases like chatbots or internal automation, build governance frameworks around those, then expand gradually.
It’s a disciplined approach.
But in a market moving as quickly as Malaysia, the bigger challenge may not be knowing what to do — it’s whether companies can slow down just enough to do it properly.
