Cyber Incidents

Cyber attacks can disrupt essential services, compromise personal data and affect businesses and government systems across Gibraltar.

Who is Most at Risk?

Businesses, government services and critical infrastructure operators are primary targets, but individuals are equally at risk through phishing, fraud and ransomware. Anyone with internet-connected devices, online banking or digital services is potentially vulnerable.

Before

  • Use strong, unique passwords for every account and enable two-factor authentication wherever possible.
  • Keep all devices, software and apps updated — updates often contain critical security patches.
  • Back up important data regularly to a secure, offline or cloud location.
  • Be cautious of unexpected emails, links and attachments — phishing is the most common entry point for cyber attacks.
  • Install reputable antivirus and firewall software on all personal devices.
  • Know how to contact your bank quickly to freeze accounts if fraud is suspected.
  • Businesses should have a cyber incident response plan in place and train staff in basic cyber hygiene.
  • Keep a note of important contacts and account details in a secure offline location in case systems become inaccessible.

During

  • If you suspect a cyber attack or data breach, disconnect affected devices from the internet immediately — do not turn them off.
  • Change passwords for compromised accounts from a different, unaffected device.
  • Contact your bank immediately if you believe financial accounts have been compromised.
  • Report the incident to the Gibraltar Police (RGP) and to the Gibraltar Regulatory Authority.
  • Do not pay ransomware demands — contact authorities for advice first.
  • Preserve any evidence — screenshots, emails, logs — for investigation purposes.
  • Inform affected customers, partners or colleagues if a data breach may affect them.

After

  • Work with a qualified IT professional to assess and restore affected systems securely.
  • Change all passwords and review account access permissions.
  • Report any confirmed data breach to the Gibraltar Regulatory Authority as required under data protection law.
  • Review and update your cyber security measures to prevent reoccurrence.
  • If personal data has been compromised, monitor your credit and bank statements for unusual activity.