Author: Mark Bezzina
As of early March 2026, the escalation of hostilities in the Middle East has significantly altered the global risk landscape. Following joint military strikes by the United States and Israel, Operation Epic Fury and Operation Roaring Lion, and subsequent retaliatory campaigns by Iran, Australian organisations are facing a complex environment of shifting threats.
While the kinetic conflict remains regional for now, the operational fallout is global. DFAT’s Smartraveller has issued urgent “Do Not Travel” alerts for the region, and major Gulf aviation hubs have faced blanket airspace closures, grounding routes that carry the bulk of Australia–Europe traffic. Additionally, the Australian Signals Directorate (ASD) has urged organisations to maintain strong cyber hygiene in light of these events.
For Australian leaders, this is a time for disciplined, scenario-driven preparation. This article provides a structured roadmap to stabilise your operations and protect your people, assets, and reputation over the next 90 days.
Key Risk Pathways for Australia
The current crisis acts as a “threat multiplier,” exacerbating vulnerabilities across three primary domains:
1. Cyber Spillover and Opportunistic Attacks
State-sponsored actors and hacktivists are leveraging this instability to conduct espionage and disruption. Threat actors are using AI-enhanced “themed” phishing campaigns—impersonating DFAT notices or sanctions compliance emails—to steal credentials. Pre-positioning on networks for future “extreme-impact” disruption remains a persistent risk.
2. Physical Security, Protests and Duty of Care
Domestically, overseas conflict can erode social cohesion, increasing the likelihood of politically motivated activism, vandalism, or small-scale sabotage. Organisations with visible government, defence, or Israeli business ties must be particularly alert to perimeter security.
3. Operational Disruption: Travel and Supply Chains
The closure of airspace across Qatar and the UAE has already disrupted international travel and squeezed freight capacity. Simultaneously, the threat to the Strait of Hormuz—a chokepoint for 21% of global petroleum, threatens fuel security and is driving a spike in insurance premiums.
The 90-Day Resilience Roadmap
Next 72 Hours: Stabilise and Reduce Exposure
| Action | Owner | Effort | Outcome |
| Rapid Risk Review | Head of Risk/Security | Low | Identified immediate exposure (travellers/suppliers). |
| Travel Grounding | HR / Travel Manager | Medium | Staff registered with DFAT; non-essential travel halted. |
| Cyber Hygiene Baseline | CISO | Medium | Enforced MFA and verified “air-gapped” offline backups. |
| Comms Plan Activation | Head of Corp Comms | Low | Internal/external crisis messaging drafted and ready. |
Next 30 Days: Validate Plans and Uplift Maturity
- Refresh STRAs: Update your Security Threat & Risk Assessments (STRA) to move conflict-linked sabotage and interference from “residual” to “credible”.
- Supply Chain Mapping: Identify “single points of failure” for critical products (fuel, chemicals, pharmaceuticals) relying on Middle Eastern transit.
- Tabletop Exercises: Run cross-functional simulations involving HR, IT, and Comms to practice response to combined cyber-physical disruptions.
- Vendor Assurance: Demand that key digital and physical suppliers share their own business continuity plans (BCP).
Next 90 Days: Embed Long-Term Resilience
- Diversification Strategy: Begin planning to move away from geographically concentrated or single-source suppliers.
- Security Architecture Review: Accelerate the shift towards Zero Trust models to mitigate lateral movement by malicious actors.
- Personnel Vetting: Tighten background screening for high-risk roles to monitor for vulnerabilities to foreign inducement or extremism.
Sector-Specific Priorities
- Government & Critical Infrastructure: Strictly enforce PSPF Direction 003-2025 prohibiting personnel from disclosing security clearance levels on social media to prevent foreign targeting.
- Healthcare & Aged Care: Ensure backup generator fuel supplies are secured and BCPs account for “pivoting to manual” during system outages.
- Logistics & Manufacturing: Engage freight forwarders to assess alternative air/sea routing; stress-test inventory against extended shipping delays.
- Property & Venues: Implement rigorous security planning for AGMs and public events, including pre-registration, bag checks, and safe arrival protocols.
How Agilient Can Help
Agilient provides expert, independent advisory services to help Australian organisations navigate geopolitical volatility. We specialise in:
- Security Threat & Risk Assessments (STRA): Re-baselining your posture against the current threat environment.
- Protective Security Design: Expert review of CCTV, access control, and physical perimeters.
- Business Continuity & Crisis Management: Developing and exercising BCPs that remain robust under intense pressure.
- Supplier & Supply Chain Assurance: Mapping interdependencies and identifying hidden risks in your vendor ecosystem.
- Travel & Executive Security: Policy development and practical briefings for personnel in high-risk regions.
Frequently Asked Questions
Do we need to change our corporate travel policy today? Yes. Policies should be strictly aligned with current DFAT/Smartraveller “Do Not Travel” advisories. Any staff currently in the region should be instructed to leave immediately while commercial options remain available.
What is the quickest way to uplift our resilience? Stabilise your “human perimeter”. Brief staff on Middle East-themed phishing, enforce MFA across all internet-facing assets, and verify that your crisis communications tree has up-to-date offline contact details.
How should we communicate this to staff? Focus on facts, safety, and transparency. Remind staff of reporting channels for harassment or suspicious activity, and provide specific well-being support for those from impacted diasporas who may face heightened stress or coercion.
Disclaimer: This article provides general information and does not constitute legal or professional advice. Organisations should seek independent risk and legal assessments tailored to their specific circumstances.