.png)
The MFSA’s Cyber Threats Awareness Brief published in June 2026 provides one of the clearest signals yet that Malta’s financial sector is entering a period of accelerated cyber-risk intensity. The Brief highlights that the threat landscape affecting Authorised Persons is now shaped by AI-enabled attacks, rapid vulnerability exploitation, software supply-chain compromise, identity-centric intrusions, and deepfake-driven fraud. These threats are not theoretical, they are already impacting European and Maltese financial entities, ICT third-party providers, and public-sector infrastructures that the sector relies on.
The MFSA emphasises that Authorised Persons must maintain proper situational awareness and regularly assess their exposure to evolving ICT and cybersecurity threats, in line with Article 8(2) of the DORA Regulation. The Brief also reinforces that cyber threats now intersect with operational resilience, third-party concentration, customer protection, and financial-stability considerations — elevating cyber risk to a board-level strategic issue, not just a technical concern.
From BDO’s perspective, this publication includes valuable insights for the sector. It provides a structured, evidence-based view of the threats shaping 2025 and early 2026, while offering forward-looking insights that institutions should incorporate into their risk registers, resilience programmes, and supervisory engagements. As a trusted advisor to regulated entities, BDO supports the MFSA’s objective of strengthening sector-wide cyber resilience and stands ready to help institutions translate the Brief’s observations into practical, actionable improvements.
The Evolving Threat Landscape
1. AI Enabled Threats Are Now the Dominant Risk
The MFSA Brief identifies AI driven and AI enabled threats as the largest root cause category for early 2026. These include:
• AI assisted cloud intrusions
• Malicious AI themed extensions
• Infostealers abusing AI ecosystems
• Autonomous vulnerability discovery
• AI agent exposure in enterprise environments
AI is no longer just a social engineering enhancer — it is now a direct operational threat vector.
2. Vulnerability Exploitation Is Accelerating
Exploitation of exposed systems, enterprise tools, MDM platforms, backup solutions, and collaboration suites remains widespread. AI accelerated reconnaissance is shrinking the window between disclosure and exploitation, making timely patch management a resilience function, not a maintenance task.
3. Software Supply Chain Attacks Are Increasing
Compromises in npm, PyPI, GitHub registries, CI/CD pipelines, and developer tokens highlight the fragility of modern development ecosystems. A single compromised package can cascade into:
• Credential theft
• Cloud compromise
• Malicious code deployment
• Customer facing service disruption
4. Identity and Credential Theft Remain Central
Threats include:
• Real time phishing kits
• OAuth device code abuse
• Infostealer driven credential harvesting
• MFA bypass techniques
• Privileged identity compromise
Identity is now the primary attack surface.
5. Fraud Is Becoming Industrialised
Europol’s disruption of a €50M investment fraud network illustrates the scale of organised cyber enabled fraud operations. Deepfakes, synthetic identities, and multi channel social engineering are eroding traditional verification controls.
6. ICT Third Party Concentration Is a Systemic Risk
The designation of 19 Critical ICT Third Party Providers (CTPPs) under DORA underscores the sector’s dependency on a small number of cloud, identity, and SaaS providers. Incidents affecting these providers can create correlated, cross institutional disruption even when internal controls are strong.
What This Means for Financial Institutions
The MFSA Brief makes one point unmistakably clear: Cyber threats are no longer isolated IT issues, they are operational resilience, regulatory, and financial stability issues.
Institutions must strengthen:
• Identity governance
• Patch and exposure management
• Supply chain security
• Fraud detection and customer protection
• Third party risk management
• AI governance and safe adoption
• Scenario testing for combined threat conditions (DDoS + fraud + cloud outage + geopolitical triggers)
Boards must treat cyber resilience as a strategic capability.
How BDO Can Help
BDO supports financial institutions across the full cyber resilience lifecycle, from strategy to implementation to assurance. Our services directly align with the risks highlighted in the MFSA Brief.
1. AI Risk & Governance Frameworks
We help institutions:
• Govern internal AI use
• Assess AI enabled threat exposure
• Implement controls for data leakage, agent permissions, and shadow AI
• Prepare for supervisory expectations
2. Cyber Resilience & DORA Compliance
BDO provides end to end support for:
• ICT risk management frameworks
• Incident classification and reporting
• Penetration Testing
• TLPT and scenario testing
• Third party risk management
• Exit strategy design and validation
• Management Training
• IT Internal Audit Co-sourcing