Malaysia’s fast-growing e-commerce ecosystem has delivered significant convenience and economic benefits, yet it also presents new cybersecurity challenges for both consumers and businesses. Online shoppers are frequently exposed to phishing scams, fake promotions, malicious apps, and fraudulent payment requests, while retailers face increasing threats from ransomware, data theft, and system disruptions. Against this backdrop, cybersecurity has become a critical component of sustaining trust and long-term growth in Malaysia’s digital commerce environment.
E-commerce Growth in Malaysia
Malaysia’s e-commerce sector continued its steady expansion in 2025, reinforcing its role as a key driver of the digital economy. According to the Malaysia Digital Economy 2025 Report by the Department of Statistics Malaysia (DOSM), e-commerce revenue reached RM937.5 billion in the first nine months of 2025, representing a 1.9% increase year-on-year. The sector also remained structurally significant, with ICT and e-commerce contributing 23.4 per cent of the economy in 2024, equivalent to RM451.3 billion.
According to Usage of ICT and E-Commerce by Establishments 2024 Report, Business-to-Business (B2B) activity remained dominant, generating RM817.1 billion in revenue, followed by Business-to-Consumer (B2C) transactions at RM336.6 billion and Business-to-Government (B2G) at RM30.4 billion. Domestic e-commerce income expanded to RM1.05 trillion, alongside RM131.1 billion in international income, while total e-commerce expenditure rose to RM571.4 billion, driven primarily by B2B activity and supported by growing adoption of digital procurement and e-payment systems.
Malaysians’ Online Shopping Behaviour
In its recent research report, Ipsos Malaysia disclosed that 62% of Malaysians made an online purchase in the past six months in 2025, with 70% browsed e-commerce platforms. Adoption was led by those aged 25–34, with growing participation among older consumers.
Malaysian consumers primarily purchase fashion and home care products online, while higher-value goods are still often bought in physical stores. Apart from conventional online shopping platforms, Ipsos found that TikTok Shop is emerging rapidly in Malaysia, driven by its blend of social and entertainment features. As the market matures, shoppers increasingly prioritise promotions, value for money, ease of use, and fast delivery over traditional concerns about product quality.
Rising Cyber Threats in Retail and E-Commerce as observed by Kaspersky
Global cybersecurity and digital privacy company Kaspersky, in its 2025 Security Bulletin focused on cybersecurity in the retail and e-commerce sector, reported that 152% more unique B2B users in the retail and e-commerce sector encountered ransomware detections in 2025 compared to 2023. Meanwhile, 6.7 million phishing attacks which targeted users of online stores, delivery companies and payment systems were identified by Kaspersky with 50.58% of these phishing attacks targeting online stores.
Kaspersky experts recommend Malaysian online shoppers to practise the following to keep safe:
- Guard privacy with smart tools. Be cautious about what is shared and avoid uploading personal images or details in queries. Interactions help build a profile used for ads and service improvements.
- Verify senders and links. Don’t trust discounts or order notifications from emails or messages. Always double-check the sender’s address and manually type the store’s website URL into the browser instead of clicking on any links you receive.
- Research the store before buying. If shopping at a new or unfamiliar online store, take a moment to check its legitimacy: look for customer reviews, ensure the website address is spelled correctly, and confirm that the site pages look professional and polished.
- Monitor your card transactions regularly. Fraudulent charges can slip through unnoticed. Make it a habit (e.g., once a week) to log into one’s online banking or mobile app to review all recent transactions. If anything suspicious is identified, block the credit card and contact the bank immediately.
- Adopt a proactive security approach to protect against malware and data theft. Use reliable cybersecurity software to prevent infections and scan your device regularly. If you discover an infected app, remove it immediately and do not reinstall it until a confirmed, clean update is released. Complement this by managing sensitive data securely: avoid storing passwords or recovery phrases in your photo gallery or notes; instead, use a dedicated, trusted password software.