KARACHI: With the evolving regional situation following Pakistan's brokering of a deal between the US and Iran, the country stands to gain significant opportunities but may also face heightened cybersecurity threats. Shadi Khuffash, Senior Regional Director for South Middle East at Fortinet, emphasized on the sidelines of the Fortinet Security Day Karachi 2026 conference titled "Securing the AI Journey" that the government and businesses must prepare accordingly.
Cyberattack Statistics and Ransomware Threats
Pakistan Computer Emergency Response Team (PKCERT) Director General Dr Haider Abbas revealed that Pakistan has recorded 253 cyberattacks in 2026 so far, including a ransomware incident last week at a government entity that encrypted data and forced recovery from backups. In 2024-2025, the country faced 927 attacks on critical infrastructure across the public and private sectors. Ransomware remains one of the most damaging threats. "These were the incidents that were successfully handled," Abbas said, cautioning that many organizations remain unaware of breaches. He described cybersecurity as a national security challenge, citing the technological dimensions of recent conflicts, including the US-Israel and Iran war. "It was a purely technological war that proved lethal from a national security perspective," he said.
Government Response and New Frameworks
In response to the attacks on Pakistan, authorities have issued a six-month deadline to all public and private organizations to establish and operationalise Cybersecurity Operation Centres (COCs) equipped with SIEM, EDR, NDR, and XDR solutions for continuous threat monitoring. Sector-specific CERTs are being rolled out under regulators including the PTA, SBP, SECP, Nepra, Ogra, HEC, and CAA, with plans for a dedicated Federal Government CERT. Pakistan has also developed the Pakistan Information Security Framework 2026 (PISF 2026), currently under cabinet review and presented to parliament. Once approved, organizations will receive compliance timelines. Abbas invited collaboration on the emerging AI-based attack detection frameworks.
International Recognition and Collaboration
Pakistan has achieved notable global recognition: role-model status in ITU's 2024 cybersecurity rankings, membership in APCERT, and full accreditation in the Forum of Incident Response and Security Teams (FIRST) last month. National CERT collaborates with friendly countries' CERTs for threat intelligence sharing. Abbas also announced the launch of an executive leadership training programme for C-level executives to enhance organizational cybersecurity compliance and build a comprehensive national ecosystem. PKCERT serves as the focal point for these initiatives, supporting the broader Digital Nation Pakistan vision.
Fortinet's Commitment to Pakistan
Fortinet executives expressed confidence in Pakistan's trajectory. Alain Penel, Vice President for Middle East, Turkey, and CIS, described the country as a key market where the company maintains a large local team across Karachi, Islamabad, and Lahore. "We are seeing a big change in Pakistan because the country is moving to digitalisation," Penel said. He noted mature discussions on SD-WAN, network security, OT security, SASE, and cloud solutions, with strong local engineering talent. Fortinet is investing in SecOps projects using AI for defence while developing protections for AI systems themselves, including LLM safeguards. Data sovereignty is a major focus as Pakistan adopts hybrid cloud infrastructure.
Opportunities and Risks from Regional Role
Shadi Khuffash echoed this optimism. "Pakistan is a growing market. It's a strategic market for us," he stated. The company has accelerated growth over the past four to five years after more than a decade of presence, driven by digitization in government, financial services, manufacturing, and utilities. Khuffash highlighted a healthy balance between government and private-sector clients. Fortinet contributes to building trust in digital services essential for banks, payment gateways, and government platforms. He anticipates rapid digital economy growth that will increase connectivity and exposure, necessitating strong cybersecurity as a foundation. Khuffash linked Pakistan's enhanced regional role, including brokering efforts and potential shifts in trade routes and energy corridors, to both opportunities and risks. "With Pakistan's renowned role in the region... there's going to be a paradigm shift," he said, expecting more foreign investment and positioning as a trusted hub. This spotlight, however, invites adversaries. He urged a mindset shift, making security integral to all initiatives, alongside scaling secure data centres and cloud services to accommodate expansion by contractors, energy providers, and logistics firms.
Local Hiring and Banking Sector Adaptation
Fortinet continues hiring local talent (roughly 40% Karachi, 40% Islamabad, 20% Lahore) and expanding technical and sales capabilities. "Our presence is long term, and we'll continue to invest," Khuffash affirmed. State Bank of Pakistan's ITD Director Ahmed Saeed reinforced the need for banks to adopt hybrid cloud securely with zero trust architecture and integrated monitoring.



