The Malaysian government is undertaking a detailed examination of how to better shield victims of cybercrime and online fraud, according to Datuk Seri Azalina Othman Said, Minister in the Prime Minister's Department (Law and Institutional Reform). Speaking after the National Cyber Security Summit (NCSS) 2026 in Putrajaya, Azalina outlined an ambitious initiative by the Legal Affairs Division (BHEUU) to construct a more robust framework for assisting those harmed by digital offences, tackling a growing challenge that has left many Malaysians without recourse.
The scope of the BHEUU study extends beyond simply prosecuting wrongdoers to encompassing victim support and compensation mechanisms. Azalina highlighted that Malaysia's current legal architecture, centred on the Penal Code and Criminal Procedure Code, prioritises the punishment of offenders while victim protection remains a secondary consideration. This structural imbalance has left individuals who fall prey to online scams with limited practical options beyond filing reports to authorities, and recovery of lost funds remains uncertain. The government recognises this gap and is now systematically exploring how legislative and regulatory changes could rebalance the system in favour of those who suffer financial losses through digital crimes.
A cornerstone of the investigation involves examining how other jurisdictions handle both offender punishment and victim compensation. Singapore's approach, where courts can impose corporal punishment alongside fines and imprisonment, presents one model under consideration. However, Azalina acknowledged that Malaysia's sentencing framework differs significantly, relying on monetary penalties and custodial sentences. The study will evaluate whether adopting harsher punishments might serve as a deterrent, though questions remain about whether increased penalties alone address the fundamental problem of victims recovering their money.
The Minister drew particular attention to mechanisms operating in the United Kingdom and Australia, where banks are required to refund customers in certain circumstances when they fall victim to online scams. These systems create a safety net that shifts some responsibility for fraud prevention and victim compensation to financial institutions. Azalina noted that Bank Negara Malaysia has not yet committed to implementing such a mechanism, but the concept is being seriously examined as part of the broader review. This approach could fundamentally alter how Malaysia addresses cybercrime, moving from a purely criminal justice response toward a compensation-based model that acknowledges the role banks play in transaction security.
The timing of this study reflects growing public concern about digital crime in Malaysia and throughout Southeast Asia. Online scam cases have multiplied in recent years, with criminals exploiting increasingly sophisticated methods to deceive victims across multiple platforms. The psychological and financial toll on affected individuals extends beyond the immediate loss, often triggering fraud-related depression and eroding public confidence in digital transactions. A comprehensive victim protection framework could help restore trust in Malaysia's digital economy while simultaneously sending a message to potential offenders that the consequences of cybercrime are escalating.
Azalina emphasised that the study encompasses not merely financial restitution but broader victim support mechanisms. This holistic approach recognises that cybercrime victims often require legal advice, emotional support, and assistance navigating complex claims processes. By examining how countries like the United Kingdom and Australia structure victim services alongside financial compensation, the BHEUU can develop recommendations that address multiple dimensions of the harm caused by online offences. Such comprehensive protections are particularly important for vulnerable populations, including elderly Malaysians who may lack digital literacy and are frequently targeted by scammers.
The international dimension of this review underscores a reality that cybercrime increasingly transcends borders. Criminals operating across jurisdictions often exploit regulatory gaps and differences in enforcement capabilities. By studying best practices globally, Malaysia positions itself to strengthen its defences and reduce its vulnerability as a potential staging ground or target for international cybercriminal networks. Enhanced victim protections might also encourage reporting and cooperation with law enforcement, providing authorities with better intelligence about emerging fraud trends and perpetrators.
One significant challenge the study must address is the coordination required between multiple stakeholders. Bank Negara, financial institutions, law enforcement agencies, the judiciary, and victim advocacy organisations must align on any new framework for victim protection. Creating mechanisms to refund scam victims, for instance, raises questions about how banks will verify claims, prevent double-claiming, and balance consumer protection with operational costs. Azalina's mention that Bank Negara has not yet decided on such an approach suggests these conversations are ongoing but not yet concluded.
The absence of a firm timeline for completing the study reflects the complexity of the undertaking. Developing legislation that addresses cybercrime victim protection while maintaining legal clarity and avoiding loopholes requires careful drafting and extensive consultation. Malaysia's experience with previous legislative reforms suggests that thorough groundwork now can prevent implementation problems later. The study's duration also allows time for international consultation and for monitoring how recently enacted protections in other countries perform in practice.
For Malaysian consumers and businesses, this initiative carries significant implications. A strengthened victim protection framework could provide insurance-like reassurance when conducting digital transactions, potentially accelerating Malaysia's digital economic growth by reducing fraud-related hesitation. Small business owners vulnerable to online payment fraud would particularly benefit from clearer paths to compensation and stronger penalties deterring organised cybercriminal groups. However, the ultimate effectiveness of any new protections will depend on implementation capacity, including whether law enforcement and financial institutions have adequate resources to administer new schemes.
The study also signals the government's recognition that reactive enforcement alone cannot solve Malaysia's cybercrime problem. By studying prevention mechanisms, victim support systems, and international collaboration frameworks, the BHEUU is positioning Malaysia to move beyond treating cybercrime as merely a criminal justice issue toward a more integrated approach. This evolution reflects global trends in how developed economies are reshaping their responses to digital threats, treating victim protection and offender deterrence as complementary rather than competing priorities.
