Ed McNicholas Discusses the Iran Conflict’s Impact on the Cybersecurity Threat Landscape in this Trending Video

Video
April 8, 2026

Transcript:

Ed McNicholas: The conflict with Iran isn’t just playing out on the battlefield. It has spilled into cyberspace, into global supply chains, into sanctions regimes — and into boardrooms.

I’m Ed McNicholas. I lead the global data, privacy & cybersecurity group at Ropes & Gray, based in Washington DC. Our team helps clients navigate the increasingly complex legal landscape surrounding data — from managing complex global advisory matters to representing clients in the whirlwind of litigation and investigations that can follow security incidents.

If your organization operates in defense, critical infrastructure, financial services, energy, healthcare, or manufacturing, the Iran war has created a complex convergence of cyber risks that demand attention.

Iran is waging its cyber campaign across multiple layers. At the top, skilled operators embedded in Iran’s military and intelligence apparatus run the most sensitive missions. Below them, a network of outsourced freelancers carries out operations with varying degrees of state direction. And at the grassroots, ideologically motivated hacktivists rally to Tehran’s cause, often with the aid of low-cost AI. 

We’ve already seen Iranian state-sponsored threat actors successfully target major, publicly traded companies operating in defense industrial base and critical infrastructure sectors. These were not random attacks. They were targeted and they exploited vulnerabilities that exist across the corporate landscape. The uncomfortable truth is that countless organizations are sitting in a very similar position. They just haven’t been hit yet.

And this is not a one-off situation. When Russia invaded the Ukraine, the world saw massive supply chain and energy disruptions, along with spillover impacts from Russian cyberattacks that reached far beyond the conflict zone.

Keep in mind that the most visible attacks may not be the most consequential. Iran’s most capable operators have been working patiently beneath the surface — probing for weaknesses, establishing footholds inside of high-value networks, and attempting to maintain persistent access.

One of the most effective ways to prepare is through a tabletop exercise — a realistic, scenario-based simulation where your leadership team, from your general counsel and CISO to the CFO and head of communications, work through the critical decisions required in the first hours and days following an attack.

These exercises inject real-world complications: a regulator calls, the press gets wind of it, a key vendor goes offline, or a sanctioned entity surfaces — forcing real-time decisions on disclosure, privilege, law enforcement engagement, and business continuity.

Organizations that have been through this tabletop process are dramatically better positioned to respond when a real incident hits. If your organization hasn’t gone through this process yet, now is the time to schedule one — reach out to our team to get started.