Malta’s cyber threat crisis is real and your business is not safe
Leslie Causon, general manager at GasanMamo Insurance, outlines the growing dangers facing Maltese businesses and what you can do before it’s too late
Malta ranks among the top three EU countries for businesses affected by cybersecurity incidents. 28.7% of Maltese businesses experienced a cyber incident in 2023. A PwC study recorded millions of attacks on Maltese infrastructure in just three months. Why is Malta such a target?
28.7% of Maltese businesses experienced a cyber incident in 2023. The PwC study showing millions of attacks in just three months proves this is daily reality.
What makes Malta particularly vulnerable is our highly connected economy. We’re a digital hub for financial services and international business, which makes us an attractive target. Attackers know Maltese companies handle significant financial transactions and sensitive data.
The threat landscape has evolved beyond opportunistic attacks. We’re seeing sophisticated, persistent campaigns: Business Email Compromise (BEC), ransomware, DDoS attacks designed to cripple operations. With 81% of fraud in Malta now occurring online, businesses can’t afford to think it won’t happen to them. The data proves it already is.
Can you walk us through a claim scenario where a Cyber Insurance policy would kick in and provide the required cover? Can cyber claims be complex?
An employee mistakenly emails client data when he accidentally sends an Excel file containing customer personal information (names, addresses, ID numbers) to the wrong recipient. This is a privacy event. In this case, forensic investigation, legal advice on notification, customer notifications, PR support and call centre costs are covered as Incident response expenses.
Cyber incidents rarely create a single problem — they trigger a chain reaction. We’ve heard of ransomware attacks that bring operations to a standstill for days; phishing incidents that result in fraudulent payments, and data breaches that require legal advice, regulatory notifications and customer communication. In some cases, the technology issue is resolved quickly, but the financial and reputational fallout lasts much longer.
Cyber Insurance gives business owners certainty during uncertainty. When a cyber incident happens, the last thing a company should be worrying about is who to call or how to fund the response. Cyber insurance turns a chaotic situation into a managed one.
You’re emphasising 24/7 support as a key differentiator. Why does that matter so much? I mean, if my business gets hit at 2 am on a Sunday, what happens? Who picks up the phone, and what do the first 60 minutes look like?
Cyberattacks don’t respect business hours. Criminals deliberately strike when businesses are least prepared: weekends, holidays, and overnight. Ransomware attacks often trigger on Friday evenings because attackers know you have less time to respond before Monday deadlines.
When you discover a breach at 2 am on a Sunday, we’re always there. GasanMamo Insurance have partnered with CyberSift, a leading local cyber incident response company who offer 24/7 support. A cyber incident specialist answers immediately on a dedicated phone number. Not a voicemail, not a call centre reading from a script. An expert who understands what you’re facing.
Initial contact will take place, and critical questions are asked by the Incident Response specialists: What kind of attack? What systems are compromised? Is customer data at risk? Are operations down? This determines severity and response priority.
Subsequently, the required mitigation measures are deployed, depending on the severity and type of cyberattack.
“We’re always there” doesn’t just mean someone picks up the phone. It means you get immediate, expert response when every minute counts. Because in a cyber crisis, waiting until Monday morning could cost you your business.
Having this local, coordinated support at 2 a.m. means faster decisions, reduced downtime, clearer communication and ultimately a much better chance of recovering with minimal long-term impact. In cyber incidents, the first few hours really matter.
Everyone says 95% of breaches come from human error. Someone clicks the wrong link or falls for a fake email. Is cyber insurance basically just cleaning up after employees make mistakes? Or is there more to the story?
Human error is often the entry point for most cyber incidents, but that doesn’t mean employees are the real problem. It means cybercriminals have perfected the art of exploiting human psychology.
When an employee clicks a phishing link, they’re not being careless. They’re being manipulated by professionals who study human behaviour. These emails are now AI-generated, indistinguishable from legitimate correspondence, designed to bypass instincts.
We’re not covering up for mistakes. We’re protecting against the cascading damage from that one click. An employee opens a phishing email. Within hours, ransomware spreads through your entire network. That one mistake now costs hundreds of thousands in downtime, recovery, and lost business. We cover that.
Forget insurance for a second. What are the top 3 things every Maltese business should be doing right now to actually protect themselves from cyber threats?
First, enable Multi-Factor Authentication everywhere. Not just on email but also on banking platforms, cloud systems, administrative accounts, everything. MFA blocks the vast majority of automated attacks and is the highest-impact control most organisations can deploy quickly.
Second, implement strict verification protocols for payments. Any email requesting a wire transfer or bank detail change must be verified via phone using a number you already have on file, never one provided in the email. Make this rule non-negotiable and ensure every employee with payment authority is trained.
Third, conduct regular backups and test them. Ransomware can’t hold you hostage if you can restore everything from a clean backup.
Backups should be stored off site and protected against deletion, not just sitting on the same network. Too many businesses only discover during a crisis that their backups were encrypted, deleted, or never worked.
Back up data regularly, using a combination of air-gapped and immutable copies. Test backup recovery at least quarterly.
These three actions won’t make you invulnerable, but they’ll dramatically reduce your risk and make you a harder target.
If you had to give just one piece of advice to a Maltese business owner about cyber protection, what would it be?
Don’t wait until it happens to take it seriously.
Businesses often say they’re too small to be targeted, or they have an antivirus so they’re fine, and then it happens.
Cyber protection isn’t just about technology. It’s about having a plan when prevention fails. It’s about knowing who to call at 2 a.m. when your systems are locked. It’s about having the financial safety net to recover without closing your doors.
We’re always there, but we can only help if you’ve prepared in advance.
So take action today. Implement those verification protocols. Enable multi-factor authentication everywhere. Back up your data securely. And put cyber insurance in place, because while you can’t prevent every attack, you can ensure your business survives the one that gets through.
In Malta’s threat landscape, the question isn’t if. The question is when, and whether you’ll be ready.
To find out more about GasanMamo’s Cyber Insurance cover, visit https://www.gasanmamo.com/products/cyber-insurance/
GasanMamo Insurance Ltd is authorised under the Insurance Business Act and regulated by the MFSA.