US-Iran deal role spurs cyber threats
Pakistan faces 253 cyberattacks in 2026; govt issues COC deadline for organisations

With the evolving regional situation following brokering of a deal by Pakistan between the US and Iran, the country stands to gain significant opportunities but may also face heightened cybersecurity threats.
"The government and businesses must prepare accordingly," Shadi Khuffash, Senior Regional Director for South Middle East at Fortinet, an American multinational cybersecurity corporation headquartered in Sunnyvale, California, emphasised on the sidelines of the Fortinet Security Day Karachi 2026 conference titled "Securing the AI Journey".
Pakistan Computer Emergency Response Team (PKCERT) Director General Dr Haider Abbas also highlighted both progress and persistent dangers while Fortinet executives outlined the strong corporate commitment to supporting Pakistan's digital transformation.
Abbas revealed that Pakistan has recorded 253 cyberattacks in 2026 so far, including a ransomware incident last week at a government entity that encrypted data and forced recovery from backups. In 2024-2025, the country faced 927 attacks on critical infrastructure across the public and private sectors. Ransomware remains one of the most damaging threats.
"These were the incidents that were successfully handled," Abbas said, cautioning that many organisations remain unaware of breaches. He described cybersecurity as a national security challenge, citing the technological dimensions of recent conflicts, including the US-Israel and Iran war.
"It was a purely technological war that proved lethal from a national security perspective," he said. In response to the attacks on Pakistan, authorities have issued a six-month deadline to all public and private organisations to establish and operationalise Cybersecurity Operation Centres (COCs) equipped with SIEM, EDR, NDR, and XDR solutions for continuous threat monitoring. Sector-specific CERTs are being rolled out under regulators including the PTA, SBP, SECP, Nepra, Ogra, HEC, and CAA, with plans for a dedicated Federal Government CERT.
Pakistan has also developed the Pakistan Information Security Framework 2026 (PISF 2026), currently under cabinet review and presented to parliament. Once approved, organisations will receive compliance timelines. Abbas invited collaboration on the emerging AI-based attack detection frameworks.
Pakistan has achieved notable global recognition: role-model status in ITU's 2024 cybersecurity rankings, membership in APCERT, and full accreditation in the Forum of Incident Response and Security Teams (FIRST) last month. National CERT collaborates with friendly countries' CERTs for threat intelligence sharing.
Abbas also announced the launch of an executive leadership training programme for C-level executives to enhance organisational cybersecurity compliance and build a comprehensive national ecosystem. PKCERT serves as the focal point for these initiatives, supporting the broader Digital Nation Pakistan vision.
Fortinet executives expressed confidence in Pakistan's trajectory. Alain Penel, Vice President for Middle East, Turkey, and CIS, described the country as a key market where the company maintains a large local team across Karachi, Islamabad, and Lahore.
"We are seeing a big change in Pakistan because the country is moving to digitalisation," Penel said. He noted mature discussions on SD-WAN, network security, OT security, SASE, and cloud solutions, with strong local engineering talent. Fortinet is investing in SecOps projects using AI for defence while developing protections for AI systems themselves, including LLM safeguards.
Data sovereignty is a major focus as Pakistan adopts hybrid cloud infrastructure. Shadi Khuffash echoed this optimism. "Pakistan is a growing market. It's a strategic market for us," he stated. The company has accelerated growth over the past four to five years after more than a decade of presence, driven by digitisation in government, financial services, manufacturing, and utilities.
Khuffash highlighted a healthy balance between government and private-sector clients. Fortinet contributes to building trust in digital services essential for banks, payment gateways, and government platforms. He anticipates rapid digital economy growth that will increase connectivity and exposure, necessitating strong cybersecurity as a foundation.
Khuffash linked Pakistan's enhanced regional role, including brokering efforts and potential shifts in trade routes and energy corridors, to both opportunities and risks. "With Pakistan's renowned role in the region there's going to be a paradigm shift," he said, expecting more foreign investment and positioning as a trusted hub.
This spotlight, however, invites adversaries. He urged a mindset shift, making security integral to all initiatives, alongside scaling secure data centres and cloud services to accommodate expansion by contractors, energy providers, and logistics firms.
Fortinet continues hiring local talent (roughly 40% Karachi, 40% Islamabad, 20% Lahore) and expanding technical and sales capabilities. "Our presence is long term, and we'll continue to invest," Khuffash affirmed.
State Bank of Pakistan's ITD Director Ahmed Saeed reinforced the need for banks to adopt hybrid cloud securely with zero trust architecture and integrated monitoring.



















COMMENTS
Comments are moderated and generally will be posted if they are on-topic and not abusive.
For more information, please see our Comments FAQ