Malaysia has joined Singapore and Ghana in passing laws that require cybersecurity professionals or their firms to be certified and licensed to provide cybersecurity services in their country.

Malaysia joins Asia-Pacific neighbour Singapore, which has required the licensing of cybersecurity service providers (CSPs) for the past two years, and the West African nation of Ghana, which requires the licensing of CSPs and the accreditation of cybersecurity professionals (CPs) and cybersecurity establishments (CEs). More widely, governments such as the European Union have normalised cybersecurity certifications, while other agencies in the US state of New York require certification and licenses for cybersecurity capabilities in specific industries.

While many governments require businesses to obtain licenses to offer cybersecurity services, Ghana is the only nation to require individuals to have a license, says the managing director of cybersecurity business consulting at Positive Technologies, a Moscow-based cybersecurity provider, Alexey Lukatsky.

"The uniqueness of Ghana's approach lies in the fact that licensing requirements apply not to all cybersecurity specialists, but to those who plan to work in four specific areas such as vulnerability assessment and penetration testing, digital forensics, managed cybersecurity services, cybersecurity training, and cybersecurity GRC," he said.

Singapore's government has taken a proactive approach to prompt the private industry to adopt stringent cybersecurity regulations, with organisations so far implementing more than 70 percent of the requirements needed for a "Cyber Essentials" certification.