Call us +44 (0) 1534 626830
Home News Jersey Cyber Security Centres (JCSC) – guidance on Iran Conflict risks and Cyber Security Implications
News
Print Article

Jersey Cyber Security Centres (JCSC) – guidance on Iran Conflict risks and Cyber Security Implications  

10/04/2026

Jersey  Cyber Security Centres (JCSC) has published an article on the Impact of the Iran conflict on cyber threat activity in the Channel Islands

THE GUIDANCE IS ALSO SHOW HERE, WITH SOME MINOR ALTERATIONS FOR THE PURPOSE OF THIS NEWS BLOG

Jersey  Cyber Security Centres (JCSC)  says:-

Given the evolving events in the Middle East, JCSC  advise organisations in Jersey and Guernsey to review their cybersecurity posture.

  1. This guidance builds upon advice issued by UK NCSC on 2 March 2026. You can find the NCSC’s advice here.
  2. https://www.ncsc.gov.uk/news/ncsc-advises-uk-organisations-take-action-following-conflict-in-middle-east

IMPACT OF THE IRAN CONFLICT ON CYBER THREAT ACTIVITY IN THE CHANNEL ISLANDS

  1. Jersey and Guernsey Cyber Security Centres (JCSC and GCSC) have not seen an increase in direct cyber activity in the Channel Islands since the outbreak of conflict in Iran and the Middle East.
  2. This is consistent with NCSC’s observation in the UK that “there is likely no current significant change in the direct cyber threat from Iran to the UK, however, due to the fast-evolving nature of the conflict, this assessment may be subject to change.”
  3. Despite this, UK NCSC observes that there is almost certainly a heightened risk of indirect cyber threat for organisations and entities that have a presence, or supply chains, in the Middle East.
  4. In the Channel Islands, two types of organisations should be particularly aware of increased risks due to potential targeting by both nation states and activist hackers: 
    1. Financial Services organisations that trade with partners or customers in the Middle East
    2. Providers that operate critical infrastructure, particularly in the energy and telecom sectors

RISKS TO DIGITAL INFRASTRUCTURE IN THE MIDDLE EAST

  1. Both cyber and kinetic attacks have been targeted at network and computing infrastructure in the Middle East, including major datacentres, telecoms networks, and cloud service providers.
  2. The impact of this on Channel Islands organisations is likely to be limited in most cases.
  3. However, organisations may wish to consider any risks arising from attacks impacting partners or suppliers in the region.

RISKS TO SUPPLY CHAINS

  1. The conflict is having a direct impact on supply chains, including for computer equipment. In addition to fuel and energy cost impacts, the conflict has disrupted approximately one-third of the global helium supply, which is used to produce semiconductors.
  2. Organisations should be aware of the impacts on the cost and availability of some computer equipment for the foreseeable future, and plan accordingly.

POTENTIAL FOR DELAYED CYBER ATTACKS

  1. Iran has very capable cyber threat actors. Iranian threat actors have the technical skills and access to tooling that enable them to penetrate networks or conduct influence operations.
  2. JCSC has observed reduced global internet traffic from Iran as a result of the Iranian regime blocking most users from accessing internet services since 8 January 2026. This access was further restricted in late February 2026 following the outbreak of war.
  3. Approved users and state authorities can still access the internet, but many private users cannot. This may limit the extent of direct activist hacker (‘hacktivist’) threats in the short term.
  4. However, it has also resulted in much residual traffic from Iran being routed via other countries. For example, Iranian traffic routed via residential proxies in the USA rose by 233% from January to February 2026.
  5. Therefore, much Iranian internet traffic now appears to originate from the USA, UK, Germany, France or Gulf states. As traffic from Iran remains 92% below normal volumes, much of this is likely State-sanctioned activity.
  6. This means that blocking traffic originating from Iranian IP addresses or ASNs (Autonomous System Names) would likely be ineffective. However, controls that look for anomalous behavioural patterns in traffic flows may be effective at detecting potential malicious activity.
  7. Due to current restrictions on internet access in Iran, the extent of cyber activity will likely only become clear once the internet blackout is lifted.

STEPS ORGANISATIONS CAN TAKE TODAY

Organisations should assess their risks and continue to focus on operating strong essential controls. In particular:

  1. All organisations should regularly discuss cyber risks and make sure that they have effective controls in place.
    1. The UK Cyber Governance Code of Practice is an excellent framework to use for this.     https://www.gov.uk/government/publications/cyber-governance-code-of-practice
    2. A one-page summary is available here. https://assets.publishing.service.gov.uk/media/67ffbb30b73354468d135556/Cyber_Governance_Code_of_Practice_-_one_page_summary.pdf
  2. All organisations should register for Jersey Cyber Shield.
    1. https://jcsc.je/about-jersey-cyber-security-centre/jersey-cyber-shield/
  3. Smaller organisations should consider attaining Cyber Essentials Plus with a local provider.
    1. https://jcsc.je/guidance-standards-advice/ci-cyber-security-suppliers/
    2. This assures key controls and can reduce the risk of a major incident by more than 90%. Cyber Essentials also provides free basic cyber insurance cover, which can help in the event of an incident. 
  4. Larger and Critical National Infrastructure organisations should refer to the UK NCSC’s Cyber Assessment Framework for guidance on controls.
    1. Undertaking a gap analysis against CAF will help identify areas for improvement to reduce risk.
    2. https://www.ncsc.gov.uk/collection/cyber-assessment-framework

SPECIFICS

  1. TRAINING
    1. Organisations should remind staff of cyber risks and advise them on what to do in the event of an incident.
  2. TESTING
    1. A time of heightened risk can be a good opportunity to test business continuity and incident response plans. It is particularly important to do so if you do not routinely test your plans regularly.
  3. MONITORING
    1. Organisations that consider they may be at risk of targeted activity may wish to enhance detection capabilities or undertake additional monitoring of systems, networks, and user behaviour.
  4. REPORT AN INCIDENT
    1. Organisations should notify any significant cyber incidents to incidentreports@jcsc.je or incidentreports@gcsc.gg.
    2. This is particularly important if incidents could impact others or are linked to the wider conflict.

FURTHER ADVICE IS AVAILABLE FROM UK NCSC HERE.

  1. https://www.ncsc.gov.uk/news/ncsc-advises-uk-organisations-take-action-following-conflict-in-middle-east
  2. You can find information tailored for your industry via our information pages: http://jcsc.je/information-for-industry/

STEPS INDIVIDUALS CAN TAKE TODAY

  1. Whilst there is no evidence of increased risk to individual islanders as a direct result of this conflict, you can always reduce your risk of a cyber-attack through good cyber hygiene.
  2. This is even more important if you are in the public eye.

IN PARTICULAR:

  1. Always use multi-factor authentication with your email and social media accounts.
  2. Lock down your social media accounts to friends and family only, and be careful what you share.
  3. Use unique passwords for each website or service – never reuse them. Consider using a password manager to avoid having to remember everything.
  4. Choose good passwords, for example, by using three random words.
  5. Patch your devices, including phones and computers, as soon as patches become available. If possible, turn on automatic updates.
  6. Never use email to share passports, utility bills, bank statements, or other information that could be used for identity theft.
  7. Be alert to AI-generated content via email, social media, websites and text messages. This can be very convincing. If in doubt, don’t engage.
  8. Only download apps or visit websites from trusted providers.
  9. Check if your email account or passwords have been compromised at HAVEIBEENPWNED.COM.

YOU CAN FIND MORE INFORMATION FOR INDIVIDUALS HERE.  

FOR MORE INFORMATION, ADVICE AND GUIDANCE, CONTACT JCSC :

SOURCES

https://jcsc.je/guidance-standards-advice/iran-conflict-cybersecurity-ci/

JERSEY DIGITAL TRUST CYBER

The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more

Gallery

View our latest imagery from our news and work

Find out more

Contact

Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.  
×

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.  

news disclaimer -

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.