Summary

SAI Israel conducted an audit of cybersecurity at the National Insurance Institute. Since 2023, the National Insurance Institute has been designated as a Critical Cyber Infrastructure body. It maintains an extensive database containing information about all Israeli residents, and faces tens of thousands of cyberattacks on a daily basis. In February 2022, there was a data breach involving 2,000 citizens. The auditors found that the National Insurance Institute's cyber defense policy had not changed in the past 10 years, despite significant developments in the field. Additionally, 50% of the information security procedures were lacking or did not meet the requirements. They also noted ineffective risk management, insufficient cyber penetration tests, and deficiencies in logical protection and detection of cyber incidents. SAI recommended that the National Insurance Institute review its information security and cyber defense policy, update its information security procedures, monitor risks, establish crisis management teams, and audit suppliers.