Study highlights opportunities to strengthen Malta's uptake of EU cybersecurity funding

MITA-NCC commissioned a study after identifying a gap between the EU funding available for cybersecurity and digitalisation and Malta’s actual level of participation. Although these funds offer important opportunities for investment and collaboration, Malta has yet to fully capitalise on the support these offer. As a Member State contributing to the Union’s shared priorities, Malta is well-positioned to make strategic use of these funding opportunities available to advance its national objective. The study was therefore undertaken to examine the barriers limiting participation and to identify ways of improving access, as well as uptake of these programmes.

The study also draws an important distinction between direct and indirect EU funding mechanisms. Direct funding is administered by the European Commission and awarded through competitive calls across the EU. Typically, they are designed to support large-scale projects with cross-border impact, with a substantial budget allocation, more complex applications and partnerships with organisations from other Member States. Indirect funding, on the other hand, is managed nationally by national authorities and is generally seen as more accessible to local organisations, especially small and medium-sized enterprises. These schemes are more closely aligned with national priorities and less complex easier to navigate for Maltese applicants.

The study, conducted by PwC Malta, examined how EU funding instruments are structured, how accessible they are and the extent to which they are being. It analysed major EU programmes such as Horizon Europe, the Digital Europe Programme and the Connecting Europe Facility, as well as nationally managed instruments including the European Regional Development Fund and the Recovery and Resilience Facility.

The findings indicate that Malta performs better in some indirect schemes, particularly those supporting digital transformation for small and medium-sized enterprises, however participation in direct cybersecurity funding programmes remains limited.

The study was conducted between December 2025 and March 2026 and included consultations with a broad range of stakeholders purposely selected to reflect the full EU funding lifecycle, both direct and indirect. In total, eight institutional stakeholders were consulted, including funding authorities, national contact points for direct EU programmes, regulatory and coordination bodies, and advisory and support organisations involved in application and implementation support. Additionally, sixteen interviews were carried out with applicants and end-beneficiaries from the private and public sectors, including large organisations engaged in direct EU funding, SMEs that are key targets for national programmes, and public entities reflecting governance and institutional priorities.

According to the study, the barriers associated to direct funding are especially challenging small Member States such as Malta, where organisations may lack the scale,

networks and specialist resources needed to compete successfully in highly competitive EU programmes. Limited awareness of funding calls, co-financing requirements and the time and expertise needed to prepare strong proposals were all identified as factors constraining participation.

The study also found that, although organisations in both the public and private sectors recognise the importance of cybersecurity, investment is often driven more by compliance and immediate risk rather than long-term strategic planning and innovation. It concludes that Malta’s limited uptake of EU cybersecurity funding does not stem from a shortage of opportunities, but to a mix of structural, capacity and behavioural factors.

To address these shortcomings, the study calls for a more coordinated approach across funding instruments, stronger support for prospective applicants and greater recognition of cybersecurity as a strategic investment area within Malta’s wider digital ecosystem. It also produced a set of recommendations which MITA-NCC will now discuss with the relevant national authorities in order to identify practical follow-up measures and determine the most effective way forward in response to the study’s findings.

In the meantime, MITA-NCC has already organised a CYBER Breakfast to the National Cybersecurity Community on 7th May 2026, as one of the first initiatives aimed at addressing the challenges identified. During the event, PwC Malta presented the study’s findings, followed by a panel discussion in which representatives from GO and MDIA shared their organisations’ experiences with EU funding applications. Xjenza Malta and Tech.mt also provided support as national contact points for Horizon Europe and the Digital Europe Programme, respectively. Attendees then took part in a guided breakout session aimed at demystifying the complexity of EU funding, led by members of the National Consultation Council.

Those seeking further information on cybersecurity-related EU funding opportunities can consult the MITA-NCC website at https://ncc-mita.gov.mt/funding-calls/, which provides updates on open calls. Guidance and practical tips on preparing stronger applications are also available at https://ncc-mita.gov.mt/how-to-submit-a-strong-proposal/, while information on national-level schemes can be found at https://ncc-mita.gov.mt/national-schemes/#national-schemes. Further updates on available funding opportunities are also published on the fondi.eu website. 

Melvin Charles Farrugia Bonett

Article written by Melvin Charles Farrugia Bonett
Senior Executive, NCC-MT (National Coordination Centre Malta), Cyber Security Department