Plan of Action


National Strategy
Launching cybersecurity on a national scale essentially calls for a planned, collective, and systemic approach.

Thus, leading to the need of a National Cybersecurity Strategy.

Malta is addressing such a need. Back in 2016, the first national cybersecurity strategy was published. Back in 2016, the first national cybersecurity strategy was published. Since then, digitalisation, including wider diffusion and consumption of broadband, mobile technologies, and data, has progressed further in Malta, along with increased use of social and business digital interactions.

The National Cybersecurity Strategy 2023-2026 is being articulated with such consideration in place, by build on the previous strategy, and allowing for evolving challenges and realities.

The approach adopted to develop this National Cybersecurity Strategy involved the Public Administration, Private Sector, the Society, and the Cybersecurity community. Indeed, these stakeholders constitute the core of the Strategy’s overall vision that:

Malta is more secure and resilient to cyber threats, leading to more trust and confidence within the digital world.

The National Cybersecurity Steering Committee shall oversee the implementation of the National Cyber Security Strategy, ensure its currency, and be its national reference point.


Our National Strategies

Strategy 01

Cybersecurity Governance Capacity

This domain aims to promote and maintain a robust cybersecurity governance framework to ensure that risks effecting Malta in cyberspace are adequately addressed.

They are to be tackled from legislative, regulatory, policy, standard and best practice aspects and, most importantly, from a risk management and supplier management perspective.

Strategy 02

Cyber Defence Capacity

This domain is based upon the premise that the complexity of cyberspace makes it hard to prevent all attacks, which, in a number of instances, are likely to be more disruptive and costly than natural disasters.

Hence, it aims for a stronger multi-stakeholder concerted effort, in terms of operations, for dealing with cybersecurity challenges from a reactive as well as a proactive perspective, including consolidating and sharing cyber threat intelligence.

Strategy 03

Cyber Competence and Culture


This domain recognises that cybersecurity needs to be addressed from a human resource and cultural perspective. It focuses on the academic and training aspects of cybersecurity in various professions and the need to establish a strong security first ethos.

The establishment of a National Coordination Centre, in line with EU legal requirements, shall be instrumental. It shall also promote research development and innovation in cybersecurity.

Strategy 04

International Coorperation

This domain aims to foster active cooperation and engagement by Malta at bi-lateral, multi-lateral, European and international levels in areas of international security in cyberspace, cyber capacity building, cyber response and cybercrime.

National Cybersecurity Strategy 2023-2026
European Strategy
In December 2020, the European Union presented the new cybersecurity strategy. 

Its main aim is to guarantee safe and secure Internet access and ensure strong safeguards against risks to member states’ national security and risks to the fundamental rights of people in Europe.

The drive behind this new strategy was the COVID 19 crisis, where there was a workforce paradigm shift from working at the office to home or remote working, and augmented use of social media. This resulted in the exponential increase of digital services. With this increase in use of digital services, the cyber threat landscape expanded, and cyber-attacks became more sophisticated, successful, and surged to high levels. The strategy stemmed from the Recovery Plan Communication, “Europe’s moment: Repair and Prepare for the Next Generation”, issued by the European Commission.

What you need to follow

Our European Strategies

Strategy 01

Resilience, Technological Sovereignty and Leadership

In this area, the EU Commission proposes to reform the rules on the security of network and information systems.

Strategy 02

Operational Capacity to Prevent, Deter and Respond

In this area, the EU commission aims to strengthen cooperation between EU bodies and Member State authorities responsible for preventing, deterring and responding to cyber-attacks.

Strategy 03

Cooperation to Advance a Global and Open Cyberspace

In this area, the EU Commission will step up work with international partners to strengthen the rules-based global order, promote international security and stability in cyberspace, and protect human rights and fundamental freedoms online.

Several EU wide initiatives have already been issued, originating from the new cyber security strategy and amongst these there are:

  • Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres
  • Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 – analysis of the final compromise text with a view to an agreement
  • Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014
  • Call for Expression of Interest to deploy and operate cross-border platforms to share cybersecurity data and improve the detection of cybersecurity threats in the EU
  • Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020
  • Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the resilience of critical entities (“CER Directive”)
  • Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union (“EUIBA Regulation”).