Cyberthreats in Malta: shared threats must be met with a unified mindset
People, mindset and shared responsibility
At the ‘Safety in the Online World’ Times of Malta business breakfast organised by Diligex, MITA, MITA-NCC and global cybersecurity practice Thomas Murray, technologists, CISOs, the national agency and business executives came together for a candid conversation on Malta’s evolving cybersecurity threat landscape. What emerged wasn’t just a list of sophisticated tools or complex frameworks. The session delivered a conversation largely about people, mindset and shared responsibility.
Cybersecurity has long been seen as the exclusive domain of IT departments, or that only concerns governments and big banks. This event challenged exactly that narrative. It revealed that cyber risk is now as much a strategic and governance-level concern as it is a technical one. Across all sectors, a consensus emerged: business leaders must start thinking tech and risk, and tech professionals must learn to speak the language of business.
Addressing the event, outlining the realities of cyberattacks and the investment being undertaken by the government, MITA CEO Emanuel Darmanin squarely summed up that “cybersecurity must be embedded into our culture”.
Lorleen Farrugia, a psychologist and lecturer at the University of Malta, who has carried out extensive research on online risks particularly upon children, gave a human face to a virtual threat, eloquently comparing a cyber breach to the trauma of having burglars run through your personal belongings. She shared that her research on youngsters showed how their top concern was being hacked and losing their gaming profiles which they so dearly built over time. This shows how value is relative and how hackers know exactly how to study their target, understand what possessions they value and hit where it hurts most.
Edward Starkie and Shreeji Doshi, cyber risk directors at Thomas Murray, shared details of an Orbit Security threat intelligence study specifically carried out for this event, covering 339 entities across Malta. The results were sobering:
• Trade and professional services are the main sectors covered by the study that lag substantially behind global peers monitored;
• Public sector and financial services compare well with global peers but receive equivalent heightened attention as observed globally;
• Due to its prevalent presence in Malta, iGaming features as a more present target compared to the average in terms of global peers;
• 13% of monitored entities had critical vulnerabilities;
• and all too often, outdated technologies and unpatched systems left firms exposed. These are usually the quickest wins.
Cybersecurity is a shared mission
“Malta has already faced serious cyber incidents,” Starkie noted. “And organisations here remain attractive to both opportunistic and state-sponsored cybercriminals.”
Financial services and iGaming continue to be high-value targets, while Malta’s geopolitical realities adds further exposure to advanced persistent threats (APTs) such as Akira, LYNX and RansomHub.
The country’s interconnected economy was also flagged as a multiplier of risk. Third-party suppliers, especially SMEs, often have access to sensitive data or systems. Without strong cyber hygiene, they become weak links in otherwise robust chains.
Jonathan Cassar, CISO at MITA, added a critical insight: “SMEs are targeted because of the value of trust that they hold in the supply chain relationships.” He stressed the importance of continuous monitoring, training and proactive collaboration across the public and private sectors.
Crucially, cybersecurity must now be reframed in terms of trust and resilience. Boards must understand the risks, not just be informed of them. As Simon Zammit, CEO of the Malta Stock Exchange, put it: “It’s all about board buy-in. How well are we communicating to boards? And how often are we testing our response, not just filing away policies?”
Nick Spiteri Paris, CEO of Bigbon Group, echoed the business-first view: “Every company holds secrets: proprietary processes, customer data, market intelligence and internal relationships. Whether you believe it or not, you’re a high-value target.”
In the face of growing threats, the panellists agreed that communication and collaboration must be Malta’s frontline defences. Cybersecurity is equally about investment and implementation of tools and equally about culture, language and alignment.
The closing message was unmistakable: cybersecurity is a shared mission. We must bridge the gap between the boardroom and the server room. Investment is key as the financial and non-financial costs of recovery are no joke. We must translate technical risks into strategic value and decisions. Strategy without digital resilience in this day and age is no strategy to begin with.
That mindset shift may prove to be Malta’s most effective defence. Yet are business leaders ready to walk the talk before they’re forced to walk the plank?
Matthew Agius Mamo is CEO, Diligex Ltd.
This article is based on insights shared at ‘Safety in the Online World: Cyber Threats, Risks and Resilience,’ a Times of Malta business breakfast hosted by Diligex in collaboration with MITA, MITA-NCC and Thomas Murray. For more information on the full threat intelligence study undertaken, contact cybersecurity@diligex.eu.