Jerusalem, 26 May, 2026 (TPS-IL) — Widespread cybersecurity failures across Israeli emergency agencies and government ministries have left the country significantly exposed to Iranian cyber threats, Israel’s State Comptroller warned in a report released Tuesday.
“In light of the threats from Iran, the Israeli Government must also be well prepared for cyberattacks. The reports revealed significant deficiencies and must be corrected immediately,” State Comptroller Matanyahu Englman wrote.
The State Comptroller, Israel’s independent government oversight authority responsible for auditing public agencies and ministries, regularly reviews state preparedness and the effectiveness of policies.
The report comes on the heels of a National Cyber Directorate report showing a 55 percent increase in attacks in 2025.
Englman’s report cited compromised databases, vulnerable remote work systems, and a lack of coordination between key institutions. It warned that sensitive state and civilian information could be exposed or disrupted as a result.
The findings pointed to systemic weaknesses across multiple bodies, including the Israel Police, the Israel Fire and Rescue Authority, the Courts Administration, the Ministry of Economy and Industry, the National Digital Directorate (including the Government Cyber Defense Unit), the Prime Minister’s Office, and the Privacy Protection Authority within the Ministry of Justice. Some findings were classified as highly severe.
A central concern was emergency cyber preparedness. Although the National Cyber Directorate issued updated cyber defense guidelines following the October 7, 2023 Hamas attacks, they were not fully distributed to emergency agencies, leaving key bodies without updated instructions during a period of heightened threat.
Remote work systems were also identified as a major vulnerability. Approximately 65% of ministries continued using a flawed remote access system for months after serious security weaknesses were discovered. The system was only shut down in January 2025, leaving government networks exposed during much of the wartime period.
The report also highlighted gaps in operational readiness within the Israel Police, fire and rescue services, and the court system. In some cases, agencies lacked adequate preparation for system failures or coordinated cyber incidents affecting critical infrastructure.
The Ministry of Foreign Affairs received particularly sharp criticism. In addition to long-standing technological gaps and outdated systems, the report found that sensitive internal data was stored in broadly accessible locations, including shared drives containing tens of thousands of documents.
It also noted that the ministry’s cyber defense policy has not been updated since 2018. Since the October 7 attacks, Israeli diplomatic missions abroad have experienced a sharp rise in cyber incidents.
At the Ministry of Construction and Housing, auditors found that despite managing nine large databases containing millions of personal records, the ministry failed for eight years to properly register them under privacy protection regulations. These databases include housing applicants, subsidy recipients, and contractors.
Digital government services also came under criticism. Although 4.6 million citizens are registered in the national identification system, only 16% of services are connected to it, and just 3% are used through the government portal. Many services remain paper-based, including most Ministry of Foreign Affairs forms.
“Digital service for citizens is not a luxury. We cannot accept a reality in which only a small percentage of government services are accessible through the personal area,” Englman said.
Key agencies, including the Tax Authority, National Insurance Institute, and Ministry of Defense, continue to operate separate authentication systems. The report warned that this fragmentation increases inefficiency and raises cybersecurity risks across government networks.
In response, the National Cyber Directorate said the findings highlight the need for a unified national cybersecurity framework rather than fragmented agency-level policies. The National Digital Directorate said it has already implemented most recommendations, including shutting down the vulnerable remote work system and transitioning to a Zero Trust security model.
It added that government systems continue to face “dynamic and unprecedented cyber threats,” while ongoing reforms and procurement of more secure infrastructure are aimed at strengthening resilience.