Cyber incidents are rising, the stakes are higher than ever, and resilience has become non-negotiable. This was highlighted during the MITA-NCC’s CYBER Talk, “From Breach to Recovery: The Role of Cyber Insurance in Incident Response”. The event brought together a panel of industry experts who shared insights, real-world experiences, and practical advice on navigating today’s escalating cyber-risk landscape.
Moderated by Robert Gauci, Digital Advisory Lead at KPMG, the panel featured Finian Massa, Strategic Marketing Manager at ICT Solutions, David Vassallo, CEO of CyberSift, and Mark Spiteri, General Manager at Antes Insurance Brokers. Together, they highlighted the crucial role cyber insurance plays in modern incident response strategies and why its relevance continues to grow.
An overview of the current cybersecurity landscape kickstarted the event. Cyber-attacks are not only increasing in frequency; they are becoming more sophisticated and complex. Finian Massa opened with a clear message: the creativity behind these attacks is almost inspiring, if not for their malicious intent.
From ransomware campaigns and cloud environment breaches to spam-calling schemes and business email compromise, threats are an uncomfortable daily reality for any organisation, regardless of size or industry. And despite the variety, many attacks share the same objective: identity theft.
As David Vassallo went on to explain, the consequences can be extensive. The two most damaging impacts are clear: monetary loss and reputational damage. When asked how an organisation can identify when something is wrong, David pointed to ransomware as one of the few types of malware that announces itself the moment it hits. When you’re infected, you know. But not all attacks are so visible. Some intrusions are far more subtle: attackers slip into a network and quietly observe. According to David, one key sign is behaviour that doesn’t fit established patterns, for example a user logging in at unusual times, or activity that simply does not match that person’s regular traits. Such deviations can be early warnings that something is not right.
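The behavioural deviation David describes, a login at an hour that does not fit a user’s established pattern, can be turned into a straightforward check. The code below is an added example, not code from the event or from any of the speakers’ companies: it builds a per-user baseline of login hours from a constructed sample log and flags later logins that fall far from every hour the user has previously logged in at. The log format, the cutoff date and the two-hour tolerance are assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log of successful logins, "timestamp user" per line (not real data).
SAMPLE_LOG = """\
2024-03-04T08:55:02 alice
2024-03-04T09:03:10 bob
2024-03-05T08:47:31 alice
2024-03-05T09:11:44 bob
2024-03-06T17:20:40 alice
2024-03-09T03:14:55 alice
2024-03-09T09:05:12 bob
2024-03-10T23:40:01 bob
"""
BASELINE_END = datetime(2024, 3, 8)  # logins before this date define "normal" per user
TOLERANCE_HOURS = 2                  # distance from any usual hour beyond which we flag


def parse_log(text):
    """Return a list of (timestamp, user); malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1]))
        except ValueError:
            continue
    return events


def hour_distance(a, b):
    """Circular distance between two hours of the day: 23 and 1 are 2 apart, not 22."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def find_unusual_logins(text, cutoff=BASELINE_END, tolerance=TOLERANCE_HOURS):
    """Flag post-cutoff logins whose hour is far from every hour that user logged in at before."""
    events = parse_log(text)
    usual_hours = defaultdict(set)
    for ts, user in events:
        if ts < cutoff:
            usual_hours[user].add(ts.hour)
    flagged = []
    for ts, user in events:
        if ts < cutoff or user not in usual_hours:
            continue  # baseline period itself, or a user with no baseline to compare against
        if min(hour_distance(ts.hour, h) for h in usual_hours[user]) > tolerance:
            flagged.append((user, ts.isoformat()))
    return flagged
```

On the sample data, alice’s 03:14 login and bob’s 23:40 login are flagged while bob’s 09:05 login passes; in practice the baseline would come from weeks of real authentication logs and be re-learned as working patterns change.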
There is no doubt that cyber hygiene remains the first line of defence. The range of available controls is vast, including multi-factor authentication, endpoint monitoring, and continuous employee training, to name a few. But as the speakers pointed out, it is also essential for every organisation to have a robust incident response plan that covers the before, during, and after of a security incident.
As Mark Spiteri conveys, any business with an online presence is inherently vulnerable. This is why cyber insurance should not be viewed as an optional add-on but as a vital component of an incident response plan. When asked about the current adoption levels of cyber insurance in the Maltese market, Mark confirmed a slight increase, particularly among financial services organisations such as banks. However, overall uptake remains relatively low.
Cost remains a primary reason for hesitancy, and this factor varies depending on the organisation’s type and size. However, it is not the only deterrent. As Mark points out, purchasing cyber insurance involves thorough scrutiny of a company’s systems and security measures, similar to a vehicle safety inspection. Insurers will identify and require correction of any flaws. Even if an organisation ultimately does not purchase insurance, the assessment can highlight weak points that need addressing. In fact, as Robert Gauci noted from personal experience, some companies are beginning to build their risk management frameworks around cyber insurance requirements, viewing it as a security standard. The insurance process essentially asks companies to meet a baseline of tools and capabilities needed to successfully respond to incidents.
Finian Massa agreed, pointing out that attaining insurance is not an easy process and is far from a simple checkbox exercise. However, it is a valuable starting point for improving security. At the very least it ensures “your front door is locked”.
David Vassallo further adds that organisations that have prepared for certifications such as ISO27001 and SOC 2 have already gone through much of the necessary groundwork. In many ways, cyber insurance aligns with these certifications. If an organisation has achieved certification, it is better prepared for obtaining cyber insurance. Furthermore, cyber insurance provides an additional level of assurance to clients alongside certifications, which is certainly a positive outcome for any organisation.
Mark also provided insight into what happens in a suspected breach and what cyber insurance typically covers. This includes business interruption, income loss, extortion, liability, hardware coverage, and regulatory fines. Coverage for breach response is included, generally encompassing expenses such as first-response teams, computer security experts, legal fees, and additional monitoring costs (for example, monitoring credit card usage after a breach).
The discussion made it clear: as cyber threats evolve, so must an organisation’s response strategies. The emerging cyber threat landscape will be increasingly challenging, especially with the rise of technologies such as AI and the growing sophistication behind attacks, including supply chain attacks. And with today’s readily available tools, even individuals with no IT background can launch an attack.
The insights shared during the session highlighted not only the increasingly complex cyber-risk environment organisations are facing but also further explored the role that cyber insurance may play within it.