By 
New findings reveal sustained pressure on global including African, networks as attackers maintain high operational tempo and GenAI-driven data exposure persists.
Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), has released its Global Threat Intelligence insights for February 2026, revealing that organisations worldwide faced an average of 2,086 cyber attacks per week.
RELATED: Global cyber attacks surge in January 2026 as ransomware and GenAI risks intensify – Nigeria most hit in Africa
This represents an overall 9.6% increase compared to February 2025, while remaining essentially stable month-over-month compared to January 2026 (-0.2%).
Nigeria tops Africa in cyber attack volume
Of the four African countries included in the monthly insights, Nigeria continues to have the highest number of attacks at 4,326 per organisation per week (-1% YoY), followed by Angola at 3,937 attacks per organisation per week (-13% YoY), and then Kenya at 2,577 attacks per organisation per week (-37% YoY).
Although South Africa had the least amount of attacks per organisation per week at 2,204, the figure represents a 22% increase YoY. Overall, Africa recorded 2,993 attacks per organisation per week (-7% YoY).
Finance, government, retail: Africa’s top cyber targets
The top three most attacked sectors in Africa in February were Financial Services, Government, and Consumer Goods & Services.
“South African organisations are under acute pressure to stave off persistent cyber threats,” says Lorna Hardie, Regional Director: Africa for Check Point Software Technologies.
“Unmanaged GenAI usage continues to introduce new data exposure risks. Prevention-first, real-time protection powered by AI remains the most effective way to stop attacks before they cause operational or financial damage,” she adds.
Generative AI fuels widening data exposure
The February findings confirm that global cyber pressure has stabilised at historically high levels. While ransomware activity declined year over year due to an anomalous campaign observed in early 2025, overall attack volumes remain near record highs, driven by persistent automated attacks, expanding digital infrastructures, and widening exposure linked to the widespread use of Generative AI (GenAI) tools.
“February’s data shows that cyber risk is not episodic — it’s continuous. Even when ransomware activity fluctuates, attackers maintain constant pressure across industries and regions,” said Omer Dembinsky, Data Research Manager at Check Point Research.
GenAI Adoption Continues to Drive Data Exposure Risks while Education Remains the Top Target
The rapid adoption of GenAI tools across enterprises continues to introduce high-risk data leakage pathways. During February, 1 in every 31 GenAI prompts submitted from corporate networks posed a high risk of sensitive data exposure, impacting 88% of organisations that regularly use GenAI tools. An additional 16% of prompts contained potentially sensitive information, including internal documents, credentials, customer data, and proprietary content.
Organisations used an average of 11 different GenAI tools over the past month, many of which are likely unmanaged and operating outside formal governance frameworks. Meanwhile, the average enterprise user generated 62 GenAI prompts per month, underscoring how deeply AI-driven workflows are embedded into daily operations — often without sufficient visibility or controls.
The Education sector remained the most attacked globally, with institutions averaging 4,749 weekly attacks per organization (+7% YoY). Government entities followed with 2,714 weekly attacks (+2% YoY). Telecommunications ranked third, facing 2,699 attacks per week (+6% YoY), reflecting sustained targeting of connectivity-driven infrastructures and 5G-enabled ecosystems.
Regional Attack Volumes Remain Concentrated in Rapidly Digitising Economies
Regionally, Latin America recorded the highest attack volumes, averaging 3,123 attacks per organisation per week, alongside the largest year-over-year increase globally (+20%). APAC followed with 3,040 attacks per week (+3% YoY), while Africa recorded 2,993 attacks (-7% YoY).
Europe experienced an 11% year-over-year increase, while North America saw a 9% rise, confirming that mature markets continue to face sustained and growing cyber pressure alongside emerging digital economies.
Ransomware Threat Landscape: Activity Declines Year over Year but Risk Persists
Ransomware remained one of the most disruptive cyber threats in February, with 629 publicly reported attacks, reflecting a 32% decrease compared to February 2025. This decline is largely attributed to an unusually large ransomware campaign conducted by the Clop group during the same period last year. Excluding that anomalous event, ransomware activity remains broadly consistent year over year.
North America accounted for 57% of all reported ransomware incidents, followed by Europe (17%) and APAC (17%), confirming that attackers continue to prioritize regions with dense digital infrastructure and high-value economic targets.
At the country level, the United States represented 51% of global ransomware victims, followed by Canada (6%) and the United Kingdom (2.7%). While activity remains heavily concentrated in North America, the most impacted countries span multiple continents, underscoring the global reach of ransomware operations.
Across industries, Business Services was the most impacted sector (37%), followed by Consumer Goods & Services (13%) and Industrial Manufacturing (9%) industries where operational disruption provides significant leverage for extortion.
The leading ransomware groups in February were Qilin (15%), Clop (13%), and The Gentlemen (11%), collectively responsible for a substantial share of victim disclosures. Notably, 49 different ransomware groups publicly impacted organizations worldwide during the month, highlighting the scale and fragmentation of the ransomware ecosystem.
For more insights, Check Point Research Blog.
