Likelihood: HIGH
Impact: HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is high because Iranian-attributed destructive attacks against Israeli-linked targets have tripled in confirmed volume (approximately 4,800 incidents in June 2026 versus 1,600 in June 2025), demonstrating active, sustained campaign tempo against a broad target set including SMBs with limited defensive posture; impact is high because confirmed outcomes include wiped computer systems with no guaranteed restoration, meaning affected organizations face irreversible data loss, extended operational downtime, and potential collapse of time-sensitive business functions rather than containable breach scenarios.
Treatment rationale: The threat is active, targeted at a defined and reachable population (organizations with Israeli operational or supply-chain exposure), and produces destructive rather than reversible outcomes, making avoidance impractical for most and acceptance indefensible given the documented frequency and severity of system-wipe incidents.
Third-Party / Supply-Chain Risk
Organizations outside Israel that share platforms, cloud tenants, managed service providers, or supply-chain dependencies with Israeli entities inherit exposure through shared authentication paths, co-managed infrastructure, and vendor-side access; per NIST SP 800-161, this campaign warrants immediate review of third-party interconnections, vendor security posture, and contractual security obligations for any supplier or partner with Israeli operational presence.
Loss Exposure (illustrative)
Magnitude: High — illustrative range $500K–$5M for a mid-sized organization experiencing a destructive system-wipe incident, reflecting recovery labor, forensic investigation, system rebuild, lost revenue during downtime, and potential regulatory response costs; SMBs at the lower end, critical infrastructure operators potentially above range.
Frequency: For an organization with confirmed Israeli operational or supply-chain exposure during the current campaign period, illustrative annualized event probability is moderate-to-high (1-in-3 to 1-in-5 for meaningful impact) given the documented scale of approximately 4,800 incidents in a single month across a defined target population.
Annualized: Illustrative ALE: moderate-to-high exposure organization — approximately $300K–$1.5M annualized, driven by elevated event frequency during active campaign tempo and high per-incident magnitude for destructive outcomes; figure assumes no mature backup and recovery capability in place.
Basis: Magnitude range derived from internal cost components of a destructive wipe scenario: incident response and forensic labor (days to weeks), full system rebuild (proportional to estate size), business interruption during recovery window, and regulatory/notification costs where applicable. Frequency framing derived from the reported incident volume (4,800 in one month across the Israeli-linked target population) scaled to an individual organization's relative exposure surface. No third-party loss report or benchmarking study cited.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Destructive system-wipe events at covered Israeli-linked entities may constitute a reportable cyber incident or trigger notice obligations under cyber insurance policy terms — verify with broker before assuming coverage applies or that a reporting window has not opened.
• If any affected third-party vendor holds sensitive data or system access on behalf of your organization, data-processing agreements or vendor contracts may impose notification or remediation obligations — verify with counsel.
• Organizations in regulated sectors (financial services, energy, healthcare) with Israeli subsidiaries or supply-chain ties should evaluate whether national security or critical-infrastructure reporting obligations are triggered by this campaign — verify with counsel.