On March 1, Iranian drones struck three data centers operated by a major U.S. hyperscaler in the Gulf—two in the UAE, one in Bahrain. Banking apps went dark. Payment platforms failed. Ride-hailing services crashed. It was the first time a U.S. data center had been hit by military action, and it sent an unmistakable message: in modern conflict, corporations are targets.
This is not an anomaly. It’s a strategy.
Since the dawn of modern warfare, armed forces fought other armed forces. Private companies were affected, but they operated on the periphery of the battlefield. That assumption is now obsolete.
Iran’s current campaign reflects a deliberate shift toward attacking economic infrastructure and commercial actors. Data centers in the Gulf have faced physical, cyber, and hybrid strikes aimed at disrupting the digital backbone of global commerce.
Tourism hubs in Dubai and Abu Dhabi have been hit by missile and drone strikes on hotels and airports—designed to erode confidence and kill visitor demand.
Oil tankers and commercial vessels tied to the global energy trade have been harassed in the Strait of Hormuz, while Iran’s Houthi proxies in Yemen have targeted shipping in the Red Sea. These attacks are not random. They are a coordinated effort to impose economic costs, manufacture uncertainty, and pressure governments by targeting the private systems that sustain modern economies.
This reality demands a fundamentally new approach to corporate security—one that treats geopolitical risk as an operational issue, not a compliance checkbox.
Real-time intelligence. Quarterly risk assessments and static security reviews are relics of a different era. In a dynamic conflict environment, businesses need continuous situational awareness— live information on cyber threats, physical attacks, regional instability, and supply chain disruptions.
Physical and digital hardening. Data centers, ports, logistics hubs, energy infrastructure, and commercial campuses are now legitimate military targets. Resilience planning—redundant networks, reinforced facilities, physical security improvements to redundancy in digital networks and supply chains—has become a board-level governance issue.
Active defensive capabilities. The proliferation of drone and missile technologies means counter-drone and counter-missile systems are no longer exclusively military concerns. In high-risk sectors and regions, companies may need to evaluate both kinetic and non-kinetic defensive tools to protect critical infrastructure.
None of this means corporations should replace governments as security providers. Militaries will still field the most advanced anti-missile and anti-drone systems. But the traditional boundary between national security and corporate risk management is dissolving fast.
The companies best positioned to navigate this era will be those that build genuine partnerships with governments, intelligence professionals, and national security advisors—and that design practical mitigation strategies before the next strike, not after.
The front lines of modern conflict no longer run only through military bases. They run through ports, data centers, shipping lanes, and corporate networks.
And the companies that depend on them must be prepared to defend themselves.
