The opening day of GISEC 2025 concluded with a compelling session titled ‘Strengthening National Cybersecurity Governance: Enhancing Coordination and Managing Complexities.’ This high-level panel brought together cybersecurity leaders from five nations, with Adel Darwish, Regional Director for the Arab States at the International Telecommunication Union (ITU) serving as the moderator, to discuss strategies for building resilient digital infrastructures through collaborative governance, cross-sector integration, and capacity building.
Latest: UAE’s Cybersecurity Strategy: AI, Resilience, and Global Cooperation
Malaysia: Embedding Shared Responsibility and Developing Future Cyber Talent
Dr. Megat Zuhairy Megat Tajuddin, Chief Executive of Malaysia’s National Cyber Security Agency (NACSA), emphasized that effective cybersecurity governance begins with clarity in roles and shared responsibility across the entire ecosystem. “When everyone understands their role,” he stated, “it reduces complexity and creates coordinated action.”
Malaysia’s approach to cybersecurity governance is centered around structured coordination and targeted prioritization.
NACSA actively works to define sector-specific responsibilities, recognizing that some industries, such as telecommunications, require heightened attention due to their digital exposure. “Not all sectors are equally mature,” Dr. Tajuddin explained. “For those lagging behind, NACSA steps in to offer guidance, coordination, and even budget frameworks to help them catch up.”
A vital part of NACSA’s mission is establishing clear requirements and ethical frameworks across entities, including codes of conduct that emphasize why cybersecurity actions are necessary and why resources are needed.
On the topic of cybersecurity talent, Dr. Tajuddin offered a candid outlook on the global shortage, noting that Malaysia will require an estimated 30,000 skilled professionals to meet its digital economy ambitions. With cybersecurity expected to contribute 25% of the country’s digital gross domestic product (GDP), talent readiness is an economic imperative. However, Dr. Tajuddin cautioned that it’s not just about quantity, “We don’t just need 15,000 more people; we need to boost the efficiency of the talent we already have.”
To address this, Malaysia is adopting an unconventional, long-term strategy. Although the country produces 3,000–4,000 IT graduates annually, many do not enter the cybersecurity workforce. Rather than limit international mobility, Dr. Tajuddin encourages producing globally exportable talent, positioning Malaysia as both a regional cybersecurity hub and a contributor to global digital security.
Malaysia’s efforts in cyber awareness and education have also gained momentum. Inspired by Thailand’s early investment in youth cybersecurity literacy, NACSA launched the My Cyber Hero program, targeting secondary school students. Its companion certification initiative, which provides foundational cybersecurity training, saw over 2,000 participants in its first year, with that number doubling in 2025. “We believe the next generation can be the first line of defense,” Dr. Tajuddin noted.
Looking ahead, NACSA aims to develop local cybersecurity solutions, combining domestic expertise with industry collaboration. “Our definition of self-reliance goes beyond Malaysia,” he concluded.
“We must contribute regionally, and in doing so, cybersecurity sovereignty becomes a global trust effort.”
Belgium: Trust, Efficiency, and Public Engagement at the Core of Cybersecurity Governance
Miguel De Bruycker, Director General of the Centre for Cybersecurity Belgium (CCB), highlighted the country’s proactive approach to translating limited national resources into smart, scalable cyber resilience. As the central authority for implementing Belgium’s national cybersecurity policy, De Bruycker emphasized the complexity of intergovernmental coordination and the vital role of sharing information to manage threats across sectors.
“You must be able to share information, and do it securely and quickly,” he said. Yet, this task is not without its challenges, especially when handling classified data, which, by nature, is highly restricted. To address this, Belgium relies on a dedicated team equipped with secure tools to evaluate and push actionable intelligence as efficiently as possible, without compromising confidentiality.
“It’s not just about the tools; trust is the foundation.”
In an illustrative example, De Bruycker spoke about combating crypto-related online fraud and scams, a domain with little formal oversight at the national level. By initiating inter-agency dialogue and fostering collaborative data sharing, the CCB demonstrates how trust and transparency can move cybersecurity forward, even in grey regulatory areas. De Bruycker also advocated for incentivizing timely information sharing, underscoring that speed can be a decisive factor in neutralizing cyber threats.
De Bruycker also detailed Belgium’s Active Cybersecurity Program, structured around four pillars:
- Citizen Engagement: A national campaign that encourages the public to detect and report threats like phishing. In 2024 alone, Belgians submitted over 25,000 phishing emails, reflecting growing awareness and digital vigilance.
- Network Defense Measures: Through a real-time domain filtering system, the CCB has rerouted internet traffic 240 million times to warning pages, helping block malicious sites and prevent access to harmful content. These efforts are coordinated with internet service providers (ISPs) to strengthen endpoint protection.
- Institutional Cyber Hygiene: Belgium promotes cybersecurity as a routine requirement for all sectors. A unified risk assessment tool is offered to companies across 18 critical sectors, built around shared standards and a common security layer. “We’re creating a baseline for cyber hygiene; something everyone can apply,” De Bruycker said.
- Secure Digital Identity: Looking ahead, Belgium sees transaction-based digital identity as pivotal for ensuring security in increasingly digitized environments. This is based on who you are in a specific context, indicating a shift toward purpose-based identity validation.
While acknowledging Belgium’s small size, De Bruycker firmly believes that smart, citizen-centric programs, underpinned by trust, coordination, and a forward-looking strategy, can offer a blueprint for effective cybersecurity governance at a national level.
South Korea: Scaling Cyber Resilience through Governance Reform and Global Partnerships
Jin Young Oh, Vice President of the Korea Internet & Security Agency (KISA), spotlighted South Korea’s evolving approach to cybersecurity governance as it adapts to the growing scale and complexity of cyber threats. Representing one of the world’s most digitally advanced nations, Oh emphasized that coordination across public and private data infrastructure is becoming increasingly essential as the impact of attacks grows.
South Korea’s cybersecurity architecture has undergone a significant shift in recent years.
As part of its restructuring, KISA’s role became more focused on telecommunications and information and communication technology (ICT), working under the guidance of the Ministry of Science and ICT. The agency now oversees around 300 key infrastructure facilities, collaborating closely with the national cyber risk management unit and other sectoral authorities to ensure real-time threat detection and coordinated incident response.
“We had to rethink how we govern cybersecurity,” Oh explained. “That meant reconsidering who holds responsibility, and how we enable both public-private collaboration and technical readiness across sectors.”
A critical area of KISA’s expanded mission is workforce development for the cybersecurity and telecom industries in response to the rising demand for specialized expertise across national systems. The agency is also playing a key role in supporting relative industries to elevate overall sectoral resilience.
On the international front, Oh highlighted South Korea’s leadership through the Global Cybersecurity Center for Development (GCCD), a joint initiative between KISA and the World Bank, launched in 2016.
With “digital trust” as its central theme, the GCCD focuses on critical infrastructure protection and knowledge exchange, particularly with developing countries.
One of its hallmark initiatives is the Cybersecurity Alliance for Mutual Progress (CAMP Alliance), which brings together cybersecurity professionals from emerging economies to share best practices and jointly address geopolitical and technical challenges. “We don’t aim our programs at the big countries,” Oh clarified. “Our focus is on supporting developing nations.”
The GCCD’s regional engagement includes ASEAN programs, with targeted efforts to improve cybersecurity education and certification, especially in countries where institutional readiness remains low. The initiative is also expanding into the Gulf Cooperation Council (GCC), Latin America, and the Caribbean.
“Through GCCD, we’re not just exporting solutions; we’re building collective cyber resilience,” Oh concluded, positioning South Korea as a global enabler in the pursuit of a secure digital future.
Italy: Building National Cyber Coordination from Fragmentation to Strategic Unity
Rear Admiral (RO) ITN Gianluca Galasso, Head of Operations and the Cyber Crisis Management Directorate at Italy’s National Cybersecurity Agency (ACN), detailed how Italy has been overcoming a historically fragmented cybersecurity landscape. Before 2021, cybersecurity responsibilities in Italy were largely decentralized, often limited to individual facilities and absent from broader national policy. Recognizing this critical gap, Italy established the ACN to unify and elevate its approach.
“Our cybersecurity governance was fragmented. [There were] too many responsibilities without coordination,” Galasso said. “We needed a mechanism to align intelligence, defense, law enforcement, and resilience under a single strategy.”
The creation of the ACN marked a turning point. It now hosts the National Cybersecurity Architecture, which brings together 14 key public administrations. This architecture operates on two levels:
- At the operational level, ACN manages cyber crisis responses, promotes national and international cooperation, and puts forward recommendations based on real-time threat intelligence.
- At the strategic level, the Ministerial Cybersecurity Committee, composed of high-ranking officials, reviews and approves these recommendations, providing top-down guidance for regulation and policy.
This dual-structure governance model ensures strategic coherence and real-world responsiveness.
Galasso emphasized the importance of flexibility, explaining that, “Cybersecurity is ever-changing. We can’t afford rigid systems; we need adaptable, informed coordination.” Hence, ACN has also institutionalized regular threat-sharing practices. At least once a month, all 14 administrations meet to exchange threat intelligence, review the evolving landscape, and align on common priorities.
“It’s not about individual threats,” Galasso explained. “We come together to collectively identify potential risks and decide on action—no one makes decisions in isolation.”
He referenced two key examples that tested this mechanism:
- In February 2022, as Russia invaded Ukraine, Italy’s cyber leaders convened immediately to evaluate potential ripple effects on national systems.
- During the CrowdStrike incident, which affected global systems, the agency launched early-morning coordination across all major stakeholders to assess risks and mitigate impacts in real time.
Galasso also highlighted cybersecurity skills development as a national priority. “There is no development without cybersecurity skills,” he stressed, noting that Italy’s National Cybersecurity Strategy explicitly integrates education, awareness, and talent development.
ACN is working with technical high schools to launch cybersecurity-focused curricula, including specialized training for cloud managers and IT personnel. The government is actively promoting science, technology, engineering, and mathematics (STEM) scholarships, while also collaborating with public administrations to provide essential cyber skills to diplomats, prosecutors, and other civil servants starting this year.
“It's a cultural shift,” Galasso admitted. “Embedding cybersecurity into education takes time, but it’s essential if we want to build a digitally secure nation.”
Rwanda: Building a Cyber-Resilient Nation through Shared Responsibility and Education
David Kanamugire, Chief Executive Officer of Rwanda’s National Cybersecurity Authority (NCSA), emphasized the country's journey in embedding cybersecurity into the heart of national development since the authority’s establishment in 2020. “It takes a village to raise a child,” Kanamugire said, using a powerful analogy to underscore his core message: Cybersecurity is not the sole mandate of one agency; it must be a shared responsibility across the entire government and society.
Kanamugire stressed that demystifying cybersecurity has been a central priority.
“Cybersecurity isn’t some mysterious, isolated function; it’s just one of the many tools in the development toolbox,” he explained. “Our focus is on mainstreaming cybersecurity, so every department, from finance to education, understands its role in digital protection.”
Rwanda’s “whole-of-government” approach is making clear progress. Rather than positioning NCSA as the lone protector, the agency has positioned itself as a catalyst for national coordination, helping ministries and institutions integrate cybersecurity into their operations through engagement, training, and strategic planning.
One of the main challenges, Kanamugire explained, lies in ensuring that both technology and organizational structures evolve together.
It’s not just about deploying the right tech. We must ask, ‘Do the agencies have the right people, resources, and mindset?’
This involves encouraging departments to own their cyber responsibilities, even if they aren’t traditionally ICT-focused. “When cybersecurity is seen as everyone’s business, what was once scary becomes exciting,” he added. “People are more willing to engage when they feel part of a joint mission.”
Moreover, with the rapid digital transformation across Africa, Kanamugire identified cyber skills (not technology) as the most limiting factor. Rwanda has made significant strides through the creation of a Cybersecurity Academy, which focuses on capacity building, education, and practical training.
“Skills development is key,” he noted. “Through the [Cybersecurity] Academy, we’re not just educating professionals; we’re building a national culture of cyber hygiene, especially as digital services continue to grow.”
Rwanda is also working on embedding cybersecurity awareness in early education, aligning with regional ambitions to build indigenous cyber talent.
These efforts are crucial as African nations accelerate digital adoption and become more integrated into the global digital economy.
Final Reflections: A Unified Vision for Cybersecurity
In closing, each panelist shared their perspectives on the most critical improvements needed in the cybersecurity landscape:
- Malaysia: Advocated for diversity in products, actions, and industry players to foster collaboration and innovation.
- Belgium: Emphasized the need for clear governance and defined roles to bring stakeholders together effectively.
- South Korea: Stressed the effectiveness of a centralized and streamlined approach for consistent incident response.
- Italy: Called for clear governance, robust coordination in overlapping areas, and proactive programs to respond to cyber threats.
- Rwanda: Highlighted the imperative of integrating security into every aspect of the digital world, acknowledging that there is no turning back.
The session concluded with a shared commitment to enhancing national cybersecurity governance through collaboration, innovation, and a unified approach to managing complexities in the digital age.
