Open search
Accessibility

Azerbaijan’s cybersecurity momentum: preparing for an AI-driven future

Azerbaijan’s recent rise in the National Cyber Security Index (NCSI) reflects continued progress in strengthening the country’s cybersecurity ecosystem. The country advanced from 52nd to 31st place globally, while its overall score increased from 75.83 to 83.33. Behind this improvement lies a broader effort to enhance cybersecurity governance, strengthen institutional capacity and address emerging digital risks in an increasingly interconnected environment.

Developed by the e-Governance Academy, the NCSI assesses countries across a range of legal, technical, operational and governance indicators. Azerbaijan’s improved performance points to a cybersecurity framework that is becoming more mature, better coordinated and increasingly aligned with international standards and cooperation mechanisms, while laying the foundations to address emerging challenges related to artificial intelligence and critical infrastructure protection.

This progress was also reflected at the 4th National Cybersecurity Forum, held in Baku on 4 June 2026. Organised by the Azerbaijan Cybersecurity Organizations Association (AKTA) and the National Cybersecurity Center of the State Security Service, the Forum brought together national and international stakeholders from government, industry, academia and civil society, serving as a platform for dialogue, knowledge-sharing and regional and international cooperation on cybersecurity, digital resilience and emerging technological challenges.

Photo by AKTA

A stronger cybersecurity ecosystem

Azerbaijan’s progress in the NCSI is particularly notable considering that the country ranked 86th in the index as recently as 2023. The improvement reflects a series of coordinated reforms in cybersecurity governance, legislation, institutional capacity, technical capabilities, workforce development and international cooperation.

A key driver of this progress has been the strengthening of specialised institutions, including the National Cybersecurity Center under the State Security Service and the Azerbaijan Cybersecurity Organizations Association (AKTA), which have accelerated reforms and enhanced coordination across the cybersecurity ecosystem. Davud Rustamov, Head of the National Cybersecurity Center, noted that ongoing legislative initiatives and planned projects are expected to further strengthen Azerbaijan’s position in global cybersecurity indices and support national cybersecurity objectives.

While Azerbaijan applies a decentralised cybersecurity governance model, responsibilities are clearly defined. The National Cybersecurity Center ensures the security of critical information infrastructure, while the State Service for Special Communication and Information Security secures government information systems. More recently, the National Cybersecurity Agency was established under the Ministry of Digital Development and Transport, replacing the former Electronic Security Service and expanding engagement with private-sector actors outside critical and governmental information infrastructure.

This institutional consolidation supports more secure digital public services, stronger personal data protection and a more predictable environment for digital investment. Azerbaijan’s cyber resilience also has a regional dimension, given its role in connectivity and strategic infrastructure.

Speakers emphasised that cybersecurity requires cooperation across government, the private sector, academia and international partners. This ecosystem-based approach is also reflected in the EU-funded “Improving Cyber Resilience in Eastern Partnership Countries 2.0” project, implemented by the e-Governance Academy (eGA) in Azerbaijan and Moldova. Yet as cybersecurity governance continues to mature, attention is increasingly shifting from building institutions to preparing for emerging technological challenges, particularly those associated with artificial intelligence.

 

AI as a new priority for cyber defence

The Forum discussions reflected a broader global shift in cybersecurity, where artificial intelligence is simultaneously amplifying cyber risks and reshaping defence capabilities. In this context, Deputy Minister of Digital Development and Transport Sameddin Asadov emphasised that cybersecurity has become an integral component of national security, requiring sustained investment and long-term strategic focus in an increasingly AI-driven environment.

A key concern was AI’s accelerating impact on cyber threats. Allahveran Ismayilov, Deputy Chief of the State Service of Special Communication and Information Security, noted that AI-driven threat evolution is outpacing traditional defences, requiring continuous adaptation. He pointed to operational responses such as neutralising attacks on state information resources, filtering malicious traffic and disrupting phishing domains.

Beyond operational response, participants emphasised long-term resilience through knowledge and capacity building. Rasim Aliguliyev, Vice-President of the Azerbaijan National Academy of Sciences and Director of the Institute of Information Technology, stressed that cybersecurity in the AI era depends not only on resources, but also on strong academic and research ecosystems supporting advanced security solutions.

The governance dimension was also central to the discussion. Chair of the Parliamentary Committee on Defence, Security and Anti-Corruption Arzu Naghiyev highlighted Azerbaijan’s engagement in international cyber governance, including participation in the UN Convention on Cybercrime and its early ratification. These efforts were presented as part of a broader policy approach aimed at strengthening national resilience while contributing to international cooperation on emerging AI-related cyber risks.

The Forum also addressed risks linked to AI-generated content, particularly deepfakes and misinformation, which can undermine institutional credibility and public trust. Azerbaijan’s introduction of criminal liability for non-consensual deepfakes reflects the growing intersection of cybersecurity, legal safeguards and trust protection.

From a technical and operational perspective, Dan Ungureanu, Cyber Exercises Branch Head and e-Governance Academy consultant, highlighted a shift towards AI-supported cyber defence systems that enhance detection speed, situational awareness and operational scalability. At the same time, he cautioned that these systems introduce new risks, including prompt injection vulnerabilities, unclear accountability structures and automation-driven cascading failures. He stressed that governance must precede deployment, requiring clear rules, audit mechanisms and controlled testing environments, summarising: “the question is not whether AI will defend; it is who sets the rules.”

 

Building resilience before disruption happens

A recurring theme throughout the Forum was resilience: how can a digital state continue functioning when normal conditions are disrupted? This requires planning not only for cyberattacks, but also for situations in which connectivity, communications or critical infrastructure are affected.

Davud Rustamov, Head of the National Cybersecurity Center, highlighted the importance of protecting critical information infrastructure, particularly the energy sector, which underpins the functioning of other essential services and remains a frequent target of cyber threats worldwide. He also warned about the growing challenge posed by advanced persistent threats (APTs) – sophisticated, often state-backed operations that seek long-term access to critical systems and can remain undetected for extended periods. Such threats, he noted, demonstrate the need to secure not only critical infrastructure itself, but also the wider ecosystem of interconnected systems on which it depends.

The importance of continuity planning was further highlighted by Tural Mammadov from the State Service for Special Communication and Information Security. He presented Azerbaijan’s efforts to develop sovereign digital services capable of operating even during internet disruptions, including national data exchange mechanisms and infrastructure designed to maintain essential public services under adverse conditions.

These discussions reflected a broader reality: modern crises increasingly combine cyber, physical and communication disruptions. As a result, resilience can no longer be viewed solely as a cybersecurity issue, but as a core requirement for the continuity of government services and critical infrastructure.

The Forum participants emphasised that building a resilient digital state requires not only technology and institutions, but also sustained investment in expertise, innovation and national capabilities. For countries pursuing digital transformation, resilience increasingly means ensuring that essential services remain available even during cyber incidents, infrastructure failures or broader crises. In an increasingly interconnected world, resilience depends on the ability to anticipate disruption, adapt to evolving threats and maintain public trust under challenging circumstances.

 

Estonian experience and international cooperation

International cooperation emerged as a recurring theme throughout the Forum, reflecting the reality that cyber threats increasingly transcend national borders and require collective responses. This perspective was explored during a panel on regional experience and cooperation, moderated by Elvin Balajanov, Azerbaijan’s NCSI data contributor and a member of the expert group supporting the Global Cybersecurity Index (GCI), together with experts from Estonia, Türkiye, Kazakhstan and Uzbekistan.

Participants highlighted that effective cybersecurity depends not only on technology, but also on trusted partnerships, timely information sharing and investment in cybersecurity skills. As cyber threats grow in sophistication and artificial intelligence reshapes both attack and defence capabilities, regional cooperation is becoming an increasingly important component of cyber resilience.

Estonia’s experience offered a useful comparison for Azerbaijan’s digital development. Doris Põld, CEO of the Estonian Association of Information Technology and Telecommunications, highlighted the importance of cooperation between the public sector, private companies and international partners. She recalled that the major cyberattacks against Estonia in 2007 became a turning point for the country’s cybersecurity development. 

“We cannot separate digitalisation from cybersecurity,” Põld noted, referring to Estonia’s long-term approach to building a secure digital society. She stressed that security by design is not only a technical principle, but a foundation for public trust. If digital services are expected to support the functioning of the state and society, cybersecurity must be considered from the earliest stages of planning, design and implementation. 

Estonia’s experience shows that cyber resilience is built through cooperation, preparedness and shared responsibility across the whole ecosystem. It also means bringing cybersecurity expertise into digital transformation from the start, so that security is not treated as an additional layer, but as part of how digital societies are built. 

This same logic also guides the EU-funded Eastern Partnership Cybersecurity Project, which supports Azerbaijan in strengthening cybersecurity governance, alignment with European and international standards, and operational capacity for incident management and critical infrastructure protection. 

For eGA, the cooperation is also about sharing Estonia’s practical experience while learning from Azerbaijan’s own digital journey. The discussions in Baku showed that Azerbaijan’s cybersecurity development is moving forward on several levels at once: stronger institutions, greater focus on AI, more attention to service continuity and deeper international cooperation. 

 

Summary

Azerbaijan’s rise in the NCSI is therefore one visible sign of a broader transformation. Cybersecurity is becoming a central part of the country’s digital development, national resilience, and international partnerships. 

The discussions in Baku demonstrated that Azerbaijan’s cybersecurity development extends beyond institutional reforms and international rankings. From AI preparedness and critical infrastructure protection to service continuity and regional cooperation, cybersecurity is increasingly becoming a key pillar of Azerbaijan’s digital development. As discussions at the Forum demonstrated, this progress is being shaped not only by domestic reforms, but also by international partnerships and the exchange of experience with countries such as Estonia and other regional peers.