Malta (MT)

The Malta Cyber Security Strategy was implemented in 2016 as a framework to protect systems, networks and information on the internet, together with the people who make use of these services. The strategy is closely linked with actions relating to cybersecurity in Digital Malta, National Digital Strategy 2014-2020 – Programme of Initiatives 2014.

The national strategy covers the following strategic goals in the ENISA self-assessment: Cybercrime, citizen awareness, international cooperation, incident response capability, incident reporting mechanisms, training and educational programmes. The strategy sets goals aimed at fostering awareness to encourage a responsible cyber culture throughout society and building skills into the workforce and leadership through effective education.

Steps taken at the business and societal levels: Malta has established:

e-Commerce Malta highlights 3 pillars: 1) generating trust in e-commerce; 2) transforming micro-businesses; 3) taking SMEs and industry to new levels of cyber security, such as through the audit-kit and a Specialist advisory service (Measure 2) and the European Trust Mark (Measure 9).

Digital Malta: is the Forum for transforming industries through ICT that aims to raise awareness about the benefits of adopting technology and enabling self-regulation.

A Steering Committee is responsible for the National Cyber Security Strategy implementation. The Malta Information Technology Agency (MITA) is the central driver of Government’s Information and Communications Technology (ICT) policy, programmes and initiatives in Malta. 



Cyber Culture and Education: Measures

The measures for culture and education in the national strategy are:

  • Fostering awareness to encourage a responsible cyber culture throughout society. 
  • Building cyber skills into the workforce and leadership through effective education. 

These are part of the Maltese Cybersecurity Strategy Model along with policy, legislation and risk management. Specifically, they link to the following targets: 

1. Secure Cyberspace:

  • Establishing regulation and voluntary self-commitment for guaranteeing cybersecurity.
  • Fostering the use of interoperable and secure standards on the basis on good practices.

2. Cyber Awareness and Education: 

  • Encouraging cybersecurity education and training. 
  • Exploring the possibility of establishing a Cyber Centre of Excellence. 
  • Ensuring relevant education and training to public sector staff and other stakeholders.
  • Fostering a strategic, target-oriented national awareness and advice campaign. 

The strategy also includes capacity building as part of the cybersecurity awareness and education measures by identifying and developing skills and an educational framework, as well as the analysis of other EU and global strategies, EU legal directions, the actions defined in Digital Malta and the goals of e-Commerce Malta, where cybersecurity is seen as key enabler for the innovation of SMEs and other businesses.  ​

In January 2017, the Minister for Competitiveness and Digital, Maritime and Services Economy launched Malta’s first National Cyber Security Strategy with MITA launched a two year National Cyber Awareness Campaign as one of the Strategy’s initial priority areas. The campaign targets society, businesses and the public sector. 

The Campaign aims to cover the online security interests of the public sector, the citizen, as well as the private sector, giving also particular attention to the SMEs which, as within the EU, constitute the majority of the Maltese economy.

Cybersecurity Education and Awareness

The main strategic goals are: 

  • Encouraging cybersecurity education and training, stressing the importance of behavioural and educational factors, which calls for a rigorous and on-going education and training exercises targeting both the workforce and student generation.
  • Supporting the development of cybersecurity skills and competences.
  • Fostering the development of academic and training programmes designed to consolidate cybersecurity expertise. 
  • Reviewing existing curricula that focuses on cybersecurity, IT and media competences.

Action 60 in Digital Malta refers to building national capacity in specialist skill sets as a government commitment to support the creation of specialist educational institutions and industry with the aim of meeting labour market requirements, developing curriculum and providing technical materials. It also highlights the need to consider the creation of specialist cybersecurity related education and training in areas such as cybercrime. Other targets include:

  • Encourage cybersecurity related training and certification programmes as an incentive to increase security levels of organisations and maintaining them over time. 
  • Put in place prior and post assessments as a measure of effectiveness. 
  • Experiment with innovative forms of education on cybersecurity. 

Young people: 

  • Empowering the young through a Safer Internet under Digital Malta, which priorities digital citizenship as part of the national education curriculum by equipping children and young people with the abilities to interact on and use the internet safely and intelligently. This effort would see the involvement not only of educators but also youth workers, parents and carers and with the aim of producing creative online content that empowers the younger generation and helps to create a safer online environment.
  • Leveraging also related awareness campaigns and curricular plans and developments in school education, ensuring this is sustainable over time and aligned with EU guidelines for the online safety of pupils. 

Measures for schoolchildren and students include:

  • Ensuring understanding of basic cyber hygiene and protection of personal data,
  • Imparting a sound understanding of the opportunities, risks and vulnerabilities of the technologies being used. 

Measures for teachers and school management include:

  • Ensuring cyber-related training for all teachers.
  • Encouraging effective engagement, participation and support of all school management on cybersecurity and awareness. 
  • Finding ways of to engage parents and guardians of students in learning about cybersecurity related matters. 
  • Putting in place legal safeguards for student and teacher protection, e.g. against cyber bullying.
Building National Capacity in Cybersecurity

Explore the potential of establishing a Cyber Centre of Excellence aimed at: 

  • Contributing to the implementation of Digital Malta Action 60 to build national capacity with specialist skill sets. 
  • Creating a training base for cybersecurity expertise. 
  • Keeping updated a comprehensive list of professionals certified under internationally recognised certification programmes in cybersecurity.
  • Promoting best practices. 
  • Proposing legislative or regulatory updates based on research findings and lessons learned. 
  • Acting as a potential agent for for future economic growth in Malta within the cybersecurity domain.
  • Having a complementary mechanism to the collective approach for sharing cybersecurity knowledge and intelligence. 
Higher Education Courses on Cybersecurity


Education and Training for the public sector

The strategy defines measures for the education and training for the public sector staff and stakeholders as a key priority given the sector's extensive use of IT and sensitive data. The target is to combine technology controls with human resources, awareness and employee guidance programmes. It also includes having a comprehensive list of people sector professionals certified under internationally recognised certification programmes. Training outcomes  including being able to recognise cyber incidents, detecting anomalies in IT systems, responding to threats and reporting them to competent authorities.


Rsearch and Development 
  • Foster the application of research and development on cybersecurity.

The aim of this measure is to ensure that cybersecurity becomes a research priority by encouraging and supporting research in national and European projects and initiatives with the participation of government, the private sector and academia. 

Cyber/IT Clusters The MITA has established an Innovation Hub for startups that are selected to follow the YouStartIT acceleration programme and receive a pre-seed investment.
EU Cyber Professional Register for national stakeholders

The CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.

Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest Update & Disclaimer

The information contained here is based on desk research carried out by, including the ENISA interactive maps on national strategies and educational courses. 





Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification

Operational Cyber Capacity 
CSIRTMalta is Malta’s national Computer Security Incident Response Team (CSIRT). The mission of CSIRTMalta is to support CI’s, CII’s and other sensitive infrastructures in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.
The Malta Cyber Security Strategy at the operational level: defines the function(s) for the steps needed to increase capacities in line with the overall strategic outcomes with regard to national coordination of cyber detection and response.

Computer Security Incident Response Teams  (CSIRTs) tend to be of technical and operational nature. Thus it is important to ensure consolidation of a top level National CSIRT. Close communication and coordination of the CSIRT is also required on:

  • Real-time information sharing and response to calls.
  • Longer term planning.
  • Communication and coordination with other CSIRTs in Malta as required.
  • Possible further alignment with EU legal requirements and consolidation.

Steps taken at the business and societal levels: Malta has established:

e-Commerce Malta highlights 3 pillars: 1) generating trust in e-commerce; 2) transforming micro-businesses; 3) taking SMEs and industry to new levels of cyber security, such as through the audit-kit and a Specialist advisory service (Measure 2) and the European Trust Mark (Measure 9).

Digital Malta: is the Forum for transforming industries through ICT that aims to raise awareness about the benefits of adopting technology and enabling self-regulation.

Computer security incident response teams (CSIRTs)


National updates 

The Strategy highlights the importance of cyber risk management under measure iv - ensure the conduct of a national cyber risk assessment exercise. The purpose is to identify major national cyber threats and risks, assess respective impacts and suggest risk mitigation and management strategies accordingly. This exercise should be undertaken on a regular basis as the threat landscape evolves and new technologies become available. Such an exercise should include regular testing and validation exercises.

Measure v stresses the importance of cyber risk assessments also on an individual basis "Ensure necessary measures in line with individual cyber risk assessments by key public and private sector organisations falling within the scope of related EU legal requirements" (i.e. processing of personal data in relation to products and services dealing with EU citizens or in relation to the Directive on Network and Information Security. The strategy explictly encourages cyber risk assessments as relevant within the public and private sector in that the legislation demands a risk-based approach to the development of appropriate controls. 

Moreover, the Strategy underscores the importance of cyber risk assessment in general to all organisations operating in cyberspace. It includes references on the need to assess financial risks with regard to cyber-related incidents and the potential need for cyber insurance. However, it points out that cyber insurance coverage must not replace risk management and the use of necessary security controls.

Guidance and Updates

Evaluations and periodical reviews are an integrated part of the National Cyber Security Strategy. Cyber risk management practices also include monitoring and evaluations.



Latest Update & Disclaimer

The information contained here is the result of desk research carried out by 


Contact us for more info

Malta (MT) | Cyber Range & Capacity Building in Cybersecurity


The website encountered an unexpected error. Please try again later.