Financial Crime World

Malta Encourages Cybersecurity Best Practices Across Sectors
=============================================

Malta has taken a significant step towards enhancing cybersecurity measures across both public and private sectors by encouraging adherence to international standards and guidelines. The country’s 2016 Cyber Security Strategy recognizes the importance of adopting best practices in cybersecurity, and several authorities have been empowered to regulate and enforce related laws.

Criminalising Cyber Activities


Malta’s Criminal Code criminalizes various cyber activities, including:

  • Unlawful access to or use of information through computers or devices
  • Unauthorized data disclosure
  • Misuse of hardware

These actions can result in fines up to €150,000 and imprisonment for up to four years.

Enforcing Cybersecurity Rules


Several authorities are responsible for enforcing cybersecurity rules in Malta, including:

  • The Office of the Information and Data Protection Commissioner, which regulates personal data processing
  • The Communications Authority, which ensures the security of public communication networks
  • The Maltese police’s Cyber Crime Unit, which investigates and prosecutes cybercriminals
  • Industry-specific authorities such as the Financial Services Authority and Gaming Authority, which play a crucial role in enforcing cybersecurity regulations

Cybersecurity Best Practices


While insurance coverage for cybersecurity breaches is available in Malta, it is not common practice among businesses to obtain such coverage. Companies are:

  • Not required to keep records of cybercrime threats, attacks, or breaches
  • Required to notify the relevant authorities and affected parties in case of a significant risk of breach

Reporting Cybercrime Threats, Attacks, and Breaches


The Electronic Communications Networks and Services (General) Regulations require providers to:

  • Notify the Communications Authority and affected users of any potential security breaches
  • Submit a prescribed incident report form within 24 hours of an attack

Similarly, financial institutions must report immediate security breaches to the Financial Services Authority and other relevant authorities. In the remote gaming sector, operators are required to submit a prescribed incident report form within 24 hours of an attack.

Criminal Sanctions


The Criminal Code provides for criminal penalties of fines up to €150,000 and imprisonment for up to four years for cybersecurity offences. The Data Protection Act imposes administrative fines and/or imprisonment for breaches related to personal data protection. In the remote gaming sector, operators may face administrative fines if found in breach of information security policies.

Conclusion


Malta’s efforts towards promoting cybersecurity best practices across sectors demonstrate its commitment to protecting against cyber threats. While there is no legal obligation to publicly report cybercrime threats, attacks, or breaches, companies are encouraged to adopt robust cybersecurity measures to ensure compliance with regulations and protect their customers’ data.