Azerbaijan has quietly become one of the most cyber-resilient states in its region — and one of the most targeted. As the country accelerates its digital transformation, the threat landscape has evolved in lockstep. Here is a comprehensive look at where Azerbaijan stands in 2026, what the data shows, and where government strategy is headed.
Azerbaijan's Global Cybersecurity Ranking
In May 2026, Azerbaijan advanced 21 places in the National Cyber Security Index (NCSI), a benchmark maintained by Estonia's e-Governance Academy covering more than 100 countries. The country climbed from 52nd to 31st place, with its score rising from 75.83 to 83.33 out of 100. The index evaluates technical capabilities, legal frameworks, governance capacity, and national preparedness — not just headline metrics.
This follows a series of improvements: in April 2024, Azerbaijan had already reached 13th place on a separate ITU-driven ranking, and the country has now jumped 40 places in the Global Cybersecurity Index over the past two years.
The Threat Picture in 2025–2026
Despite these gains, cyberattacks against Azerbaijani targets have intensified. A joint study covering the 12-month period from July 2025 to June 2026 reveals a stark picture:
- 54% of attacks targeted Azerbaijan's government and technology sectors combined
- Technology companies bore the highest burden at 26% of all incidents
- Energy and critical infrastructure accounted for the next largest share
- Business systems across multiple industries were the most attacked asset class at 52%
Who Is Attacking?
The threat actor breakdown shows a geopolitically charged picture:
| Actor Type | Share of Attacks |
|---|---|
| State-sponsored groups | 29% |
| Organized criminal networks | 18% |
| Black-hat hackers | 14% |
| Script kiddies / amateurs | 3% |
Nearly three in ten cyberattacks against Azerbaijan were attributed to groups supported by regional state actors — a figure consistent with the country's strategic position at the intersection of major geopolitical interests.
Financial Fraud
Cybercrime has a direct cost to Azerbaijani citizens. The Ministry of Internal Affairs reported that over 6 million AZN (approximately $3.5 million USD) was lost to cyber fraud in just the first four months of 2025 — an annualized rate that underscores the growing sophistication of social engineering and phishing campaigns.
Infrastructure Defense: What CERT-AZ Is Blocking
The Electronic Security Service (CERT.AZ) and the national AzStateNet network form the backbone of Azerbaijan's cyber defense. In the most recent reporting period:
- 260 million malicious redirects were blocked through the AzStateNet network
- 12 million infected files were intercepted by the central antivirus system
- 60,000+ malicious email attachments were neutralized by the government's Sandbox analysis system
These numbers reflect not just the volume of threats, but a maturing detection and response infrastructure that is increasingly automated and centralized.
Government Strategy: From Reaction to Architecture
The 2023 National Cybersecurity Strategy
Azerbaijan's strategic framework for cybersecurity was formalized in August 2023, when President Ilham Aliyev signed the "Strategy of Azerbaijan on Information Security and Cybersecurity." The document lays out a phased roadmap covering legal harmonization, capacity building, and international cooperation.
The 2025 Digital Development Concept
On January 16, 2025, President Aliyev approved the Digital Development Concept of the Republic of Azerbaijan. The concept prioritizes:
- Personalization and accessibility of digital public services
- Business support through digital infrastructure
- Increased transparency in public administration
- IT talent development and digital literacy
- Cybersecurity as a foundational layer across all sectors
Action Plan 2026–2028: The Unified Platform
The most significant near-term initiative is the Action Plan for 2026–2028, which mandates the Ministry of Digital Development and Transport, the State Security Service, and relevant bodies to establish a unified cybersecurity platform by December 2026. This platform will centralize incident response coordination and enable real-time sharing of threat intelligence across state, critical infrastructure, and private sector operators.
ICTA–ICANN Cooperation
The Information and Communication Technologies Agency (ICTA) has signed a memorandum of understanding with ICANN, covering internet governance, capacity building, digital ecosystem development, and internet security. This signals Azerbaijan's intent to integrate into global internet security governance frameworks rather than operate in isolation.
Private Sector Readiness
Azerbaijan is also developing assessment criteria for private-sector cybersecurity — a move that extends national-level diagnostics beyond government systems into the broader economy. This includes diagnostic frameworks covering all major sectors, from finance to telecoms to energy.
Key Takeaways
- Azerbaijan ranks 31st globally on the NCSI as of mid-2026 — a significant climb from its position two years ago
- State-sponsored actors account for nearly 30% of attacks — this is not just an IT problem, it is a national security concern
- The government has committed to a unified cybersecurity platform by end-2026
- Over 260 million malicious redirects were blocked in the most recent 12-month window
- Azerbaijani citizens and businesses lost at least 6 million AZN to cyber fraud in the first four months of 2025 alone
Azerbaijan is building a layered digital defense — but the adversaries are building faster. The next 12 months, as the unified platform goes live, will be the key test.
Sources: NCSI / e-Governance Academy, Ministry of Digital Development and Transport, Report.az, Azernews.az, Caliber.az, CERT.AZ official data.