Government of Gibraltar

10/04/2024 | Press release | Distributed by Public on 10/04/2024 06:43

Gibraltar Regulators Forum Releases Ransomware Survey Findings Highlighting the Growing Cybersecurity Threat in Gibraltar - 637/2024

The Gibraltar Regulators Forum, composed of the Gibraltar Regulatory Authority, the Gibraltar Financial Services Commission, the Legal Services Regulatory Authority, the Gibraltar Gambling Division, and the Gibraltar Financial Intelligence Unit, has released the results of a comprehensive ransomware survey (the "Survey"), providing critical insights into the prevalence, impact, and preparedness of organisations in Gibraltar against ransomware attacks. The Survey was launched in June 2024 and the analysis of results sheds light on the growing threat of ransomware, as well as the response strategies being employed to combat these attacks.

Ransomware is a type of malicious software that has emerged as one of the most significant threats to data, systems, and networks worldwide. Criminals use ransomware to deny victims access to their own data, systems, or networks and demand a ransom payment to restore access. Tactics commonly employed by ransomware attackers include data encryption, data exfiltration, and operational disruption, often accompanied by threats to expose sensitive information.

The Gibraltar Regulators Forum Survey aimed to identify the impact of ransomware attacks within Gibraltar and to understand how various organisations are preparing for and responding to such attacks. The analysis provides insight into the measures in place, the level of preparedness, and the outcomes experienced by organisations that have fallen victim to ransomware attacks.

The Survey results now serve as a valuable tool for raising awareness and guiding policy makers and organisations in enhancing their cybersecurity strategies to address vulnerabilities effectively. The granular detail will not be made public for operational reasons.

The Gibraltar Regulators Forum acknowledges the Survey's limited sample size and hopes to increase it in future surveys. The Survey's results nevertheless provide valuable insight into the current state of ransomware preparedness within Gibraltar, revealing both strengths and vulnerabilities. The Gibraltar Regulators Forum is grateful to those organisations and individuals who have supported the Survey and looks forward to conducting further research in the future.

Key Survey Findings

  • Ransomware is perceived as a significant threat by most organisations, with 79% of respondents expressing concern, indicating that there is widespread acknowledgment of the risks associated with ransomware attacks.
  • 73% of respondents view "professional criminals" as the predominant threat actors behind ransomware attacks, while 21% believe these attacks are "state-sponsored". Only 6% think "novice criminals" are the primary actors, indicating a general understanding of the sophisticated nature of ransomware threats.
  • 80% of organisations in Gibraltar have designated a department or individual responsible for cybersecurity, 68% have identified and documented the risks, and 74% have provided relevant training to staff. Despite these efforts, only 24% have a strict no-payment policy regarding ransom demands and 54% do not have a formal policy.
  • Preventative measures such as antivirus software, data backup and recovery procedures, and regular software updates are well adopted. However, nearly half of the organisations (47%) lack a formal incident response plan, which could lead to inadequate responses during an attack.
  • A number of organisations in Gibraltar reported being victims of ransomware attacks, with a few experiencing either one attack or two. Most attacks were initiated through email phishing, with others resulting from unpatched software or third-party suppliers. The impact of these attacks varied, with productivity loss, system downtime, and financial losses reported. Interestingly, no organisations paid ransom demands, and most were able to restore lost data from backups.
  • While many organisations have implemented fundamental preventative measures, gaps in preparedness remain, particularly in incident response planning and policies on ransom negotiation. The variability in cybersecurity practices across organisations highlights the need for continued efforts to strengthen cybersecurity measures.