Security · 13:00 · Jun 9

State Comptroller: Israel’s Cyber Defense in Wartime Relied on Luck, Not Preparedness

Globes
Translated & summarized from Globes by baba

State Comptroller Matanyahu Englman is publishing his final reports before leaving office, following the appointment of attorney Michael Ravilo, who is close to Prime Minister Benjamin Netanyahu, to the post. In the latest reports, he points to the state’s lack of preparedness for cyber incidents and its performance during the war in Gaza, known as “Swords of Iron,” as well as a parallel multinational audit on government preparedness for artificial intelligence, readiness to adopt and implement AI in public bodies in Israel, and, finally, information security at the President’s Residence. It should be noted that cyber defense of state infrastructure and digital assets has been one of the central issues on which Comptroller Englman has placed special emphasis, and which he has identified as a top priority, since taking office.

The “Swords of Iron” war proved that the cyber domain has become an inseparable part of Israel’s multi-arena campaign and national resilience. According to the State Comptroller’s report, throughout the fighting there was a significant leap in the audacity and creativity of attackers, with the threat evolving from influence operations and denial-of-service attacks at the outset, through attacks intended to erase information and cause damage, and then to a clear focus in 2024 on collecting intelligence on civilians, public figures and economic processes.

The State Comptroller’s Office sent an expanded questionnaire to 21 key bodies to obtain a broad picture of their preparedness under international standards and the cyber system’s defense doctrine. According to the comptroller’s office, the review included document collection, analysis of technological monitoring data, in-depth meetings with 11 of the bodies, and a follow-up questionnaire sent two months into the war. Similar in-depth checks were also conducted with the sectoral cyber units of government ministries.

The report referred to hundreds of cyber incidents with significant damage potential that occurred during the war period through April 2024, including cyberattacks on a large academic institution, a website hosting company that affected government ministries and about 40 major companies in the economy, a hospital, a government ministry, and an IT company that affected about 10 colleges and led to the deletion of material and the publication of sensitive data.

On the one hand, according to data from the National Cyber Directorate and the Shin Bet, from the outbreak of the war through June 2025, Israel did not experience any cyber incident that significantly harmed the economy, so this appears to be a success. On the other hand, there was a dramatic improvement in the pace and capabilities of the enemy’s attacks. There is an urgent need to continue strengthening the defense lines to ensure the economy and the security system continue functioning without interruption.

There are several bodies involved in the disorder: the National Cyber Directorate, the Privacy Protection Authority, the Shin Bet, YAHAV, the government cyber protection unit, sectoral cyber units, the National Emergency Authority, the National Security Council, the critical state infrastructure body, and essential entities. As reported previously in Globes, the cumulative annual economic cost to the Israeli economy from cyberattack damage stands at $12 billion.

The report reveals a deep and worrying gap between the severity of the existing threat and the actual level of preparedness on the eve of the “Swords of Iron” war. According to the comptroller, the fact that Israel did not experience a catastrophic disabling incident is due to luck, not systemic preparedness. The comptroller says the failures are very broad. First, there has been total disengagement at the political level: for a decade, prime ministers did not initiate or hold a single dedicated discussion in the political-security cabinet on cyber. The cyber issue was absorbed into broader briefings, and the cabinet was not exposed to the full range of risks. The report also states that the cyber directorate did not submit semiannual reports on the state of defense to the various relevant parties from 2020 to 2025.

Second, there is a legislative and infrastructural vacuum. Despite professional consensus and many government decisions, the Prime Minister’s Office failed to advance a “National Cyber Law” for more than 10 years. Israel lags significantly behind other countries in this field, the report states. In addition, for six years before the war, since 2018, no national cyber exercise was held. The cyber directorate did not validate the national reference threat, and the sectoral threat scenarios only began being written after the war broke out and were not completed by June 2025.

Third, among the 21 critical bodies that responded to the questionnaire, one-third received a failing grade for creating basic tools to deal with a cyber incident, 38% had no management team for crisis handling, and in half of the bodies the steering committee did not meet at all in the year and a half before the war.

The State Comptroller’s Office recommends that “all the relevant parties should regard the deficiencies as a comprehensive and significant warning requiring action, some of it urgent, and act promptly to correct them. The cyber directorate, in cooperation with government ministries and sectoral cyber units, should formulate a national government action plan that will ensure the narrowing of gaps in the level of defense both in the short and the long term and submit it for government approval. It is recommended that the prime minister initiate and hold orderly discussions for the purpose of presenting the state of national preparedness for a cyber incident and the gaps in it, in order to make decisions in the political-security cabinet or in a dedicated ministerial committee to be established for this purpose, periodically and at least once every six months, and it is also recommended that the Prime Minister’s Office and its head act to complete the legislation of the cyber law.”

The cyber directorate argued several months ago that the report presents an inaccurate and overly severe picture. According to it, the 21 bodies are not a statistically representative sample of the economy, there are regulatory differences among them, and the comptroller ignored compensating controls (alternative protection solutions applied when the original standard is not met). The State Comptroller rejected the claims.

The National Digital Agency said, “With regard to the government sector under its responsibility, the directorate has acted and continues to act continuously, responsibly and professionally. If claims arise in the report that do not reflect the full scope of the activity carried out, the matter will be reviewed and presented again to the relevant parties.”

Israel must create a uniform framework and a multi-year budget for AI adoption

The State Comptroller’s Office carried out two audits in the field of artificial intelligence and determined that the adoption of AI in government can no longer rely on “local initiatives” or on the motivation of one manager or another. To turn innovation into a real government capability, the state must create a uniform and binding framework that includes a multi-year budget, more flexible procurement mechanisms, solutions to information security barriers, and systematic training for public employees.

According to the report, the comptroller led and managed a parallel multinational audit within EUROSAI, where Englman serves as president, with the participation of 12 countries including France, Italy, Switzerland and others. According to the comptroller, Israel is entering the revolution with excellent starting conditions thanks to a developed technology ecosystem, high-quality human capital and targeted government initiatives. But what are the gaps? First, the lack of a long-term plan. Israel has no comprehensive and binding national plan that includes timelines, a budget and oversight indicators. Second, approved funds were not fully utilized, mainly in a critical area such as supercomputing and infrastructure for training large models. In addition, there is a lack of information sharing, and the government lacks managers, lawyers and information security professionals who understand technology and know how to oversee external vendors.

Another point is that the comptroller carried out an extensive mapping to which 70 leading bodies, such as government ministries, hospitals and municipalities, responded. On the one hand, the mapping found managerial motivation and awareness: 77% of managements attach great importance to integrating AI, 63% of the bodies have already appointed a lead person, and 72% are conducting employee training. On the other hand, there are severe infrastructural and managerial gaps: only 18% of the bodies have adopted a defined AI strategy, 58% have no dedicated budget for the issue, and 68% of the projects are stalled.

The President’s Residence operated without a government guiding body in the cyber field

The President’s Residence is a central symbol of the State of Israel; damage to its systems could harm not only its functioning but also the way the institution is perceived in the national consciousness. But that is not all: the information itself is also immensely sensitive, since the computerized systems of the President’s Residence contain information on nearly 100,000 pardon applicants, and this database was managed at the President’s Residence not in accordance with some of the legal provisions applicable to bodies that hold databases. The threat takes on added significance and urgency during wartime, when cyberattacks intensify.

According to the report, the President’s Residence operated entirely without a government guiding body in the cyber field. Unlike the fields of finance and human resources, the institution did not apply to itself the information security rules that are mandatory for government ministries. Only in September 2024 were the YAHAV guidelines officially adopted. In addition, critical core functions of technological management and oversight were not formally assigned to any employee at the institution.

According to the report, the President’s Residence has no disaster recovery plan, some of the computerized systems had reached the end of their life cycle, and some endpoints were running outdated versions and were therefore vulnerable to attacks, with required version updates not carried out. Moreover, since 2022 the President’s Residence has been receiving support services for the sensitive pardons database from an external supplier without a signed and valid agreement. In the agreements with the supplier, the purposes for which it is permitted to use the information were not defined, the systems were not detailed, and no mechanism was set out, so the necessary legal protections are lacking.

The document concludes that “State Comptroller Matanyahu Englman determined that the President’s Residence, as a public body of the highest national importance, must continue to work to correct the deficiencies raised in the audit, in order to ensure the confidentiality, integrity, availability and resilience of the information in its possession, prevent harm to the privacy of the state’s residents, and prevent harm to the reputation and image of the President’s Residence.”

The National Digital Agency’s response regarding the President’s Residence: “The President’s Residence is not among the bodies required to be supervised by YAHAV. Cooperation with it was initiated by the President’s Residence and stemmed from a desire to benefit from YAHAV’s knowledge and professional expertise. YAHAV acted in accordance with the request and within the framework of professional cooperation, the purpose of which was to provide a professional response in the field of protecting digital infrastructure and services.”

The cyber directorate’s response to the State Comptroller’s report: the National Cyber Protection Law, approved last night in its first reading, will improve the cyber defense level of essential organizations and digital providers and strengthen the regulatory government ministries to lead defense in the various sectors under the professional guidance of the National Cyber Directorate. It is important to note that the intensive defense activity of the National Cyber Directorate, together with its partners in the mission and especially during the war, prevented significant successes by the enemies, who failed to cause a disruption in national continuity of operations or loss of life, as they repeatedly tried. The National Cyber Directorate studied the report’s findings in depth, as it does with every professional audit, has already addressed some of the issues raised, and will continue working to implement the lessons learned.
