As technology becomes increasingly embedded into a company’s daily operations, it is crucial for businesses, irrespective of their size, to implement cybersecurity strategies.

While technical personnel may readily recognise the need for reinforced cybersecurity measures, key operational figures such as Chief Financial Officers (CFOs), Chief Operations Officers (COOs), and business owners may find it more challenging to fully grasp the urgency and complexity of these issues.

This was the predominant theme behind the latest CYBER Breakfast organised by the MITA-NCC,  which forms part of a series of events intended for the National Cybersecurity Community to  tackle emerging cybersecurity topics.

Throughout the event, professionals ranging from IT specialists to CFOs from various industries emphasised the importance of cultivating a culture of awareness and open communication that reaches every level of the organisation, “from the bottom to the top.”

Panel discussion (from left to right) Moderator Malcolm Portelli, Ernest Agius, Clive Spiteri and Abigail Abela Cavallaro 

The panel, moderated by Malcolm Portelli Chief Information Security Officer (CISO) at Andaria Financial Services, discussed the cyber perspective from a business point of view. The discussion was held between Abigail Abela Cavallaro, Head of Finance and Procurement at Servizz.Gov, Videoslots CFO Clive Spiteri, and BOV COO Ernest Agius.

Ernest Agius opened the discussions by recounting the 2019 cyberattack which targeted BOV, emphasising how crucial it is to be prepared for such incidents. Drawing from his firsthand experience of the cybersecurity breach, Mr Agius described the costly ordeal as an eye-opener and shared the feeling of being overwhelmed during the attack. “It felt intrusive and personal,” he said.

On his part, Videoslots CFO Clive Spiteri acknowledged that communication between IT and Finance is key, particularly for startups, which may not have the same resources as larger companies like BOV. He noted that the IT team’s efforts must be maximised in such environments, where the focus is often on growth. 

“If you’re working with a startup, you need to begin the work well in advance, engage with the finance team, and discuss what can realistically be achieved,” he addressed the crowd.

Furthermore, he expressed his belief that the person responsible for implementing cybersecurity strategies should internally “sell the need” for the importance of investing in cybersecurity tools. Even if it comes at a cost, “it is avoiding possible future hassle and mitigating risk that could materialise.”

In addition to communication, the panellists emphasised that raising awareness is the next essential step for both parties to collaborate effectively. Servizz.Gov’s Abigail Abela Cavallaro stressed that IT teams should not limit their engagement to executives but foster a culture of awareness across the entire organisation. “While full understanding may not always be possible, security checks should align with the goals of the entity,” she said.

Addressing IT employees in attendance, the panellists remarked that they should not be afraid of reaching out. By presenting data on potential cyberattacks the company could have faced, IT teams can help executives better understand what it might potentially face.

Jumping in on this point, Mr Spiteri remarked: “And, in addition, explain how much money has been saved through cybersecurity measures and how much more could be saved.”

On the external side of cybersecurity, COO Ernest Agius noted that communication should also be extended between institutions on the islands, suggesting that sharing information on cyberattacks would help keep companies more vigilant.

Similar points were echoed by the attendees during the discussions which took place during the breakout sessions, where real scenarios were discussed.

The groups also pointed out that investing in cybersecurity practices can be compared to investing in insurance: While spending money might seem like a waste, it ultimately proves its value when needed.

Additionally, industry managers reflected on the balance between investment and risk. For instance, they noted that the cost of recovering lost data or stolen intellectual property might be higher than the monetary investment required for cybersecurity.

One group suggested that when pitching products or strategies to operations executives, IT teams could provide case studies to strengthen their arguments.

Others highlighted that cyberattacks can also cause reputational damage, with some managers questioning whether falling victim to an attack might harm business, as clients could turn to alternative companies to feel more secure.

Visit ncc-mita.gov.mt for more information and join the community today.

This article is co-founded by the European Union.

‘Rabbit is one of the national dishes of Malta, so it’s important that we had it on the menu’ – Simon Rogan

December 21, 2024
by Sarah Muscat Azzopardi

Chefs Simon and Oli share their culinary inspirations from local seasonal produce

Inflation rate in November 2024 down to 1.3%

December 19, 2024
by Robert Fenech

The inflation rate went down again after an uptick in October

Building a safer digital future: Cybersecurity in Malta gains momentum

December 19, 2024
by Helena Grech

MITA-NCC’s CYBER Breakfast reflects on where the cybersecurity landscape is at, as it gears up for 2025 initiatives