Blab Tech
Israels State Comptroller Audit Reveals Critical Cyber-Preparedness Gaps Ahead of War
On 27 May 2026, the Office of the State Comptroller released a comprehensive audit that exposes serious weaknesses in Israel’s cyber‑security posture. Part of the annual review of cyber and information‑technology protection, the report warns that key public institutions, emergency agencies and major economic actors remain vulnerable to state‑backed cyber‑attacks.
The audit identifies three major deficiencies that were present when Israel entered the Israel‑Hamas war in October 2023: delayed legislation, limited cabinet oversight and weak readiness among critical economic actors. It argues that the country’s cyber‑defence framework was still incomplete at that time, leaving essential services exposed to sophisticated adversaries.
Israel has long been a target of cyber‑attacks, and the audit cites a rise in state‑backed hacking that increasingly leverages artificial intelligence to probe government networks, private companies and critical infrastructure. Despite years of investment, many public systems lack the resilience required to withstand coordinated, AI‑enhanced campaigns.
The audit’s findings echo concerns raised by the National Cyber Directorate (INCD). The INCD’s 2025 annual report, published in February 2026, provides a situational assessment of Israel’s cyberspace, noting a surge in incident reporting and threat intelligence. The INCD’s 2025 strategy, released in February 2025, was developed in consultation with security agencies, ministries and private‑sector experts, but the audit argues that the strategy’s implementation has been uneven.
A key shortfall identified by the State Comptroller is the absence of comprehensive, enforceable cyber‑security legislation. The Knesset passed a national cyber‑defence bill in its first reading on 17 May 2026, a step described by the legislature as a major advance. However, the audit stresses that the bill’s provisions remain in draft form and lack the enforcement mechanisms needed to compel public and private entities to meet baseline security standards.
Cabinet oversight is another area of concern. The audit points out that the Security Cabinet, which coordinates foreign and defence policy, has limited authority over cyber‑security matters. The report notes that the National Security Affairs Committee has not yet established a dedicated cyber‑security sub‑committee, leaving cyber‑policy decisions largely ad‑hoc.
Economic bodies also lag behind. The audit lists several major firms and financial institutions that have not yet adopted the INCD’s recommended security controls. The report cites a lack of mandatory reporting of cyber incidents to the INCD, which hampers the government’s ability to assess the national threat landscape.
Emergency agencies are particularly exposed. The audit cites failures in incident response and vulnerability management across agencies responsible for public safety. The State Comptroller’s report warns that these gaps could allow adversaries to disrupt emergency services during a crisis.
The audit calls for a coordinated national response. It recommends that the government enact the pending cyber‑defence bill, strengthen cabinet oversight by creating a dedicated cyber‑security sub‑committee, and mandate regular security assessments for all critical public and private entities.
Industry experts have noted that Israel’s reputation as a cyber‑innovation hub could be undermined if these gaps remain unaddressed. The audit’s findings come at a time when Israel faces heightened cyber threats from Iran and its proxies, as well as from non‑state actors. The report underscores that the country’s economic resilience depends on securing its digital infrastructure.
The audit’s release follows a series of incidents that highlighted Israel’s cyber vulnerabilities. In early 2026, Iranian cyber‑attackers attempted to create panic by targeting Israeli infrastructure, but the attacks failed to cause widespread damage. Analysts say that the failure was due in part to Israel’s existing cyber‑defence measures, but the audit argues that the measures are not uniformly applied.
In response to the audit, the INCD has announced plans to conduct a nationwide assessment of cyber‑security readiness in the public sector. The INCD also stated that it will work with the State Comptroller to develop a roadmap for implementing the cyber‑defence bill.
The audit’s findings remain a wake‑up call for Israel’s government and private sector. The State Comptroller’s report, the first of its kind to highlight such systemic gaps, sets the stage for legislative and organisational reforms that will be crucial for protecting the country’s economy and national security.
The audit is currently under review by the Knesset. No official government response has been issued yet, but the State Comptroller’s report is expected to influence the next legislative session and the INCD’s ongoing cyber‑security strategy.
The audit’s release underscores the urgency of addressing Israel’s cyber‑preparedness gaps. As the country continues to face sophisticated cyber threats, the need for comprehensive legislation, robust cabinet oversight and industry‑wide readiness has never been clearer.
The audit identifies three major deficiencies that were present when Israel entered the Israel‑Hamas war in October 2023: delayed legislation, limited cabinet oversight and weak readiness among critical economic actors. It argues that the country’s cyber‑defence framework was still incomplete at that time, leaving essential services exposed to sophisticated adversaries.
Israel has long been a target of cyber‑attacks, and the audit cites a rise in state‑backed hacking that increasingly leverages artificial intelligence to probe government networks, private companies and critical infrastructure. Despite years of investment, many public systems lack the resilience required to withstand coordinated, AI‑enhanced campaigns.
The audit’s findings echo concerns raised by the National Cyber Directorate (INCD). The INCD’s 2025 annual report, published in February 2026, provides a situational assessment of Israel’s cyberspace, noting a surge in incident reporting and threat intelligence. The INCD’s 2025 strategy, released in February 2025, was developed in consultation with security agencies, ministries and private‑sector experts, but the audit argues that the strategy’s implementation has been uneven.
A key shortfall identified by the State Comptroller is the absence of comprehensive, enforceable cyber‑security legislation. The Knesset passed a national cyber‑defence bill in its first reading on 17 May 2026, a step described by the legislature as a major advance. However, the audit stresses that the bill’s provisions remain in draft form and lack the enforcement mechanisms needed to compel public and private entities to meet baseline security standards.
Cabinet oversight is another area of concern. The audit points out that the Security Cabinet, which coordinates foreign and defence policy, has limited authority over cyber‑security matters. The report notes that the National Security Affairs Committee has not yet established a dedicated cyber‑security sub‑committee, leaving cyber‑policy decisions largely ad‑hoc.
Economic bodies also lag behind. The audit lists several major firms and financial institutions that have not yet adopted the INCD’s recommended security controls. The report cites a lack of mandatory reporting of cyber incidents to the INCD, which hampers the government’s ability to assess the national threat landscape.
Emergency agencies are particularly exposed. The audit cites failures in incident response and vulnerability management across agencies responsible for public safety. The State Comptroller’s report warns that these gaps could allow adversaries to disrupt emergency services during a crisis.
The audit calls for a coordinated national response. It recommends that the government enact the pending cyber‑defence bill, strengthen cabinet oversight by creating a dedicated cyber‑security sub‑committee, and mandate regular security assessments for all critical public and private entities.
Industry experts have noted that Israel’s reputation as a cyber‑innovation hub could be undermined if these gaps remain unaddressed. The audit’s findings come at a time when Israel faces heightened cyber threats from Iran and its proxies, as well as from non‑state actors. The report underscores that the country’s economic resilience depends on securing its digital infrastructure.
The audit’s release follows a series of incidents that highlighted Israel’s cyber vulnerabilities. In early 2026, Iranian cyber‑attackers attempted to create panic by targeting Israeli infrastructure, but the attacks failed to cause widespread damage. Analysts say that the failure was due in part to Israel’s existing cyber‑defence measures, but the audit argues that the measures are not uniformly applied.
In response to the audit, the INCD has announced plans to conduct a nationwide assessment of cyber‑security readiness in the public sector. The INCD also stated that it will work with the State Comptroller to develop a roadmap for implementing the cyber‑defence bill.
The audit’s findings remain a wake‑up call for Israel’s government and private sector. The State Comptroller’s report, the first of its kind to highlight such systemic gaps, sets the stage for legislative and organisational reforms that will be crucial for protecting the country’s economy and national security.
The audit is currently under review by the Knesset. No official government response has been issued yet, but the State Comptroller’s report is expected to influence the next legislative session and the INCD’s ongoing cyber‑security strategy.
The audit’s release underscores the urgency of addressing Israel’s cyber‑preparedness gaps. As the country continues to face sophisticated cyber threats, the need for comprehensive legislation, robust cabinet oversight and industry‑wide readiness has never been clearer.
