State Comptroller: Security Cabinet Was Not Briefed on Cyber Defense for About a Decade

The security cabinet was not exposed to the cyber situation for about a decade, according to a State Comptroller report published today (Tuesday). Israel has not experienced a significant cyber incident since the outbreak of the war, but the State Comptroller found that in the six years leading up to it, no national cyber exercise was held and cabinet ministers did not receive the appropriate briefings. A year and a half before the war broke out, the National Cyber Directorate presented Prime Minister Benjamin Netanyahu with a situation assessment indicating that defense levels in the cyber field in part of the sectors were inadequate.

As noted, State Comptroller Matanyahu Engelman published a broad report today on the preparedness of cyber systems in bodies of high importance to the economy, in terms of security and functionality, including the National Cyber Directorate, the National Security Council, the Shin Bet, the National Emergency Authority, the Privacy Protection Authority, the digital system and other bodies. The audit, which began before the war and continued until the summer of 2025, found that the security cabinet was not exposed to the cyber picture for about a decade. In the decade before the war and until June 2025, prime ministers did not initiate or hold dedicated cabinet discussions on cyber, except for one dedicated meeting held in 2018. However, cyber was mentioned in discussions whose topics were broader, annual intelligence assessments, some multi arena situation assessments, and one discussion held after the war broke out on a specific topic.

This was despite the fact that the security cabinet is authorized to deal with national security, and despite the fact that protection of the cyber domain is a national security objective as set out in government decision 2444. As a result, during the audit period, the cabinet was not exposed to the full range of cyber risks, the level of preparedness, and the potential damage.

The comptroller also examined the operation of cyber systems at the President's Residence and found significant deficiencies, including shortcomings in managing databases, the absence of a cyber defense policy, pardon requests containing sensitive information that were transferred without encryption, and more.

State Comptroller Engelman said of the audit findings, "The October 7 attack illustrated the heavy price of the absence of advance preparedness and of addressing warning signs. The prime minister, the National Cyber Directorate and all the relevant parties must view the audit on the state's preparedness for cyber incidents and its performance during the Iron Swords War, and the detailed deficiencies in it, as a warning sign. The deficiencies detailed in the report ultimately concern national resilience and state security."

"It is impossible to accept a reality in which for about a decade the security cabinet does not hold dedicated discussions on the issue, and during that period the cyber law was not advanced," Engelman said, adding that "it is imperative to act without delay to correct the gaps and formulate a national action plan that will ensure the protection of the economy and the state against the growing cyber threats." On the deficiencies at the President's Residence, the comptroller said, "Cyber defense areas were not handled in a manner commensurate with the risks facing a body of national importance, especially in wartime when the number of cyberattacks increases."

More on this: Hackers leaked photos and videos of former IDF Chief of Staff Halevi, a large-scale cyberattack on government websites was thwarted