News
Gibraltar’s Cybersecurity Gaps
The Gibraltar Regulators Forum has released findings from its June 2024 ransomware survey, highlighting the significant risks faced by local businesses. The survey uncovered widespread concerns from local businesses about ransomware, with 79% of organisations perceiving it as a major threat. The survey also revealed that most attacks originate through email phishing and unpatched software vulnerabilities.
Who is the Gibraltar Regulators Forum?
The Gibraltar Regulators Forum is composed of key regulatory bodies including the Gibraltar Regulatory Authority, Financial Services Commission, Legal Services Regulatory Authority, Gambling Division, and Financial Intelligence Unit.
What did the report find?
With ransomware now a major cybersecurity concern for Gibraltar-based businesses, the survey’s findings highlight both strengths and gaps in current defences. While 80% of organisations have designated cybersecurity teams, many still lack formal incident response strategies, leaving them vulnerable to sophisticated attacks.
– 79% of businesses view ransomware as a significant threat.
– 80% have assigned cybersecurity responsibilities, but only 54% have formal incident response policies.
– Most attacks start through phishing or unpatched software.
– No organisations reported paying ransoms, and many restored data from backups, highlighting the importance of effective recovery plans.
How can I protect my business?
The report recommends businesses bolster their cybersecurity strategies by formalising incident response plans and refining preventative measures. As the ransomware threat grows, continued investment in staff training, software updates, and robust policies will be critical for resilience.
With further consultations planned, the Gibraltar Regulators Forum aims to expand the survey sample and improve preparedness across the board.
Would you like to know more about this issue?
Let us know! The GFSB runs several free training sessions for its members throughout the year and we can explore running a session on this topic.
SHARE THIS
OTHER NEWS
Last week, we shared a Treaty Readiness Survey with our members and the wider community to take a temperature check of how they feel with just over a month to go until July 15th. The results provide a useful snapshot of how Gibraltar businesses currently feel about Treaty implementation, with responses pointing to a business community that is engaged with the issue but still facing uncertainty around the practical implications.
OTWO and the Gibraltar Federation of Small Businesses (GFSB) are delighted to announce that Marble Arc has been named the winner of the 2026 World Environment Day Shop Window Competition, marking an impressive second consecutive victory for the business following its success in 2025.
Thrive
Explained: Cyber threats
Cyber security is often framed as a technology problem, but Matthew Baird argues the real risk is human behaviour. Using local fraud cases and real-life examples, he explores how criminals exploit trust, urgency and familiarity to trick individuals and businesses, and shares simple, practical steps to help spot and stop social engineering attacks.
Brexit
News
Your Customs Playbook
Following the publication of HMGoG’s guidance on NIF and EORI registration requirements, the GFSB has produced a practical step-by-step playbook to help Gibraltar businesses navigate the process as clearly and confidently as possible. Over recent weeks, many members have contacted us with questions around whether they need a NIF or EORI number, what the process involves, and whether obtaining these registrations could create Spanish tax obligations.
Brexit
NIF & EORI Guidance
After weeks of questions, confusion and growing concern amongst Gibraltar businesses, HM Government has now published formal guidance on NIF and EORI registration requirements linked to the future customs arrangements under the treaty. This is the clearest explanation yet of what these registrations are, who actually needs them, and perhaps most importantly, what they do not mean.