LawFlash

Cyber Risks and the Middle East Conflict: Steps General Counsel Can Take Today

March 19, 2026

The conflict in the Middle East has heightened cybersecurity risks, with threat actors targeting both governments and companies across the region and beyond. Governments and cybersecurity firms are calling for increased vigilance, particularly for companies active in the Middle East; those with sovereign state investors; companies providing critical infrastructure, energy, logistics, transportation, defense, and aerospace-related services; and those with exposed supply chains. In turn, general counsel may wish to proactively consider cyber risk mitigation measures, including those discussed in this LawFlash.

GROWING IRAN-LINKED CYBER THREATS

Several government agencies and private cybersecurity firms have already warned that the conflict in the Middle East has brought enhanced cybersecurity threats. Notably, the United States’ Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, US Department of Defense Cyber Crime Center, and National Security Agency have previously warned that Iranian state-sponsored threat actors or affiliated threat actors are actively targeting US critical infrastructure.

The United Kingdom’s National Cyber Security Centre (NCSC) recently warned businesses, particularly companies with operations, offices, or supply chains in the region, to review and strengthen their cybersecurity defenses. Companies with heightened exposure include those active in energy and oil infrastructure, aviation and transportation, financial services, telecommunications and IT service providers, and defense and national security assets. As is evident from recent threat actor activity, companies with supply chain links or other critical infrastructure in the Middle East may also be impacted through exploitation of supply chain vulnerabilities.

Since the start of the conflict, at least one US-headquartered medical device company is known to have been compromised by Iranian state-sponsored threat actors. Additionally, on March 12, 2026, Polish authorities reported they recently detected and blocked an attempted cyberattack targeting Poland’s National Centre for Nuclear Research. According to Digital Minister Krzysztof Gawkowski, preliminary indicators suggest the cyberattack may be linked to Iran.

Many government authorities in the United States and Europe anticipate that more cyberattacks are likely in the coming weeks and are encouraging companies to prepare accordingly. For example, the NCSC recommends preparing for potential distributed denial-of-service (DDoS) attacks, phishing campaigns, system disruptions, and account compromises. Unit 42, a cybersecurity intelligence firm, also warns against vulnerability exploitation, AI-enhanced spear-phishing, and website defacement. Likewise, Mandiant advises organizations using Microsoft Intune, a cloud-based endpoint management service, to reassess Intune access permissions, warning that attackers could exploit privileged access to launch destructive cyberattacks, including remote wipe commands, against company-managed devices such as laptops or phones.

WHAT SHOULD GENERAL COUNSEL DO?

General counsel may wish to consider the following steps:

  • Consider cyber hardening measures and work with information security teams:
    • Assess direct and indirect risks, including those arising from supply chain relationships (for example, third parties with access to sensitive data or critical systems)
    • Strengthen monitoring and alerts for suspicious activity, particularly for VPN gateways, internet-facing systems, and supply chain relationships
    • Provide enhanced employee training regarding phishing and malware delivery
    • Harden Active Directory; enforce multi-factor authentication across all managed devices and accounts, reduce token session lifetimes, revisit administrative privileges, modify conditional access policies, and prioritize patching for critical systems
    • Confirm that backups are immutable and up to date
    • Implement geographic IP blocking where appropriate
  • Test incident and operational resilience protocols:
    • Confirm that contact details for relevant stakeholders, including IT, legal, communications, outside counsel, and external vendors, are up to date and accessible offline via out-of-band communication platforms
    • Conduct realistic tabletop exercises for senior management that simulate state-sponsored attacks, malware, DDoS, and operational disruption scenarios and test recovery protocols and timelines
    • Review potential board, investor, employee, contractual, regulatory, insurance carrier, and law enforcement notification scenarios
    • Review legal professional privilege considerations in the context of multi-jurisdictional incidents
    • Consider the company’s policy towards ransom payments, including with the overhang of global sanctions and anti-money laundering laws
  • Review cyber risk insurance:
    • Consider incident‑notification procedures for insurance carriers
    • Assess whether policies exclude coverage for war or state-linked events, and as such, be mindful of incorrect assessments of threat actor identity
    • Clarify coverage for business interruption and supply chain disruptions
  • Monitor threat intelligence:
    • Monitor real-time industry guidance and threat intelligence to stay ahead of evolving risks and specific tactics, techniques, and procedures utilized by Iranian state-sponsored threat actors

STAY INFORMED

Morgan Lewis is continuing to track the legal, regulatory, and commercial impacts of escalating conflict across the Middle East, with particular focus on developments involving the United States, European Union, United Kingdom, Israel, Iran, and the broader EMEA region. Rapid changes in sanctions regimes, export controls, enforcement priorities, supply chain stability, and infrastructure security may affect a wide range of client operations. Visit our Middle East Conflict Resource Center and subscribe to our mailing list for real‑time updates on current legal and business developments. Clients may contact their Morgan Lewis relationship partner for tailored guidance.

Contacts

If you have any questions or would like more information on the issues discussed in this LawFlash, please contact any of the following:

Authors
Vishnu Shankar (London / Brussels)
Gregory T. Parks (Philadelphia)
Ezra D. Church (Philadelphia)
Heather Egan (Boston)
Arriana Sajjad (Washington, DC)