Cyber Risk amid Geopolitical Conflict: How to prepare

Geopolitical tensions often lead to a surge in cyber risk as threat actors seek to exploit disruption, uncertainty, and stretched security resources. In recent weeks, the evolving situation in the Middle East has contributed to increased cyber activity affecting organisations across the Middle East and North Africa (MENA). For risk managers and insurance professionals in this environment, preparedness is central to building cyber resilience and protecting operations.

Patterns in cyber activity linked to the conflict

Understanding recent cyber activity may help you prepare for emerging threats. Between 28 February and 1 March 2026, more than 150 hacktivist incidents were recorded (cloudsek.com). However, most involved distributed denial-of-service (DDoS) attacks, website disruptions, and data-leak claims rather than destructive intrusions.

These attacks have primarily targeted sectors providing essential services or highly visible digital platforms, including government, financial services, aviation and transportation, telecommunications, and energy infrastructure. Many incidents reported in Gulf states were successfully detected and mitigated, indicating that regional monitoring and defensive controls are functioning effectively.

State-aligned cyber activity is also increasing. Iranian cyber operations reportedly expanded significantly following the 2025 conflict and have continued to rise in 2026. However, much of this activity involves espionage, reconnaissance, or phishing campaigns rather than infrastructure-destroying attacks (dsci.in).

Cybersecurity agencies have warned (bleepingcomputer.com) that organisations with operations or supply chains in the region may face elevated background cyber risk as tensions persist, though this reflects a heightened threat environment rather than an expectation of catastrophic attacks.

Building resilience: practical risk mitigation steps

In this environment, cyber disruption is often driven by volume, coordination, and opportunism rather than sophistication. An organisation is in the best position to reduce operational risk if it focuses on cyber preparedness and resilience. You can significantly strengthen your organisation’s position by taking these actions:

  1. Prepare for large-scale coordinated DDoS activity

    Many hacktivist campaigns rely on large-scale denial-of-service attacks targeting public-facing services. A key risk scenario is multiple groups simultaneously targeting the same organisation, potentially overwhelming mitigation providers.

    Organisations should ensure:

    1. DDoS protection exists at both network and application layers

    2. Anti-DDoS providers can absorb large multi-client attack volumes simultaneously

    3. Critical public-facing services have graceful degradation or failover capabilities

    This approach helps maintain service continuity even during sustained attack campaigns.

  2. Ensure resilience against destructive data-wiper malware

    Although less common, destructive malware remains a serious threat in geopolitical cyber operations. Data-wiper attacks are designed to permanently destroy systems or information.

    Key resilience measures include:

    1. Enforcing robust backup strategies, including immutable backups

    2. Maintaining offline backup copies outside the production environment

    3. Testing full restoration procedures, including scenarios where systems must be recovered and managed remotely

    Rapid recovery capability is often the most effective defence against destructive attacks.

  3. Heighten vigilance against advanced impersonation campaigns

    Periods of geopolitical crisis often generate large-scale social engineering campaigns exploiting uncertainty and urgency. Recent phishing attempts have impersonated government authorities, airlines and airports, and telecommunications providers.

    To reduce risk, organisations should:

    1. Immediately raise colleague awareness and circulate examples of impersonation attempts

    2. Encourage rapid reporting of suspicious emails, calls, or SMS messages

    3. Ensure incident response teams can quickly investigate and contain potential compromises

Preparedness is the best defence

As geopolitical cyber threats become a persistent feature of the digital landscape, the best protection is preparation. In the current threat environment, reinforcing DDoS protection, recovery readiness, and employee vigilance is essential to maintaining organisational cyber resilience.