Check Point Research reveals a dramatic 21% global surge in cyber attacks in Q2 2025, with the education sector hardest hit with over 4,300 weekly attacks. 

RELATED: Africa Cyber Surge Operation: Group-IB assists INTERPOL-led operation to combat cybercrime on continent

Africa experienced the highest number of attacks with an average of 3,365 weekly cyber attacks per organisation (+14% YoY). Europe saw the highest increase in attacks Q2 2025.

Every quarter, Check Point Research publishes the threats of the past three months, gathering intelligence from our ThreatCloud AI platform, which analyses millions of indicators of compromise (IoCs) daily. 

ADVERTISEMENT

Powered by over 50 AI-driven engines and sourced from more than 150,000 networks and millions of endpoints, this data provides a real-time view into the threats organisations face globally. In Q2 2025, that view revealed an accelerating wave of cyber attacks targeting almost every sector and region around the world.

In Q2 2025, the global average number of weekly cyber attacks per organisation reached 1,984, a 21% increase compared to the same period in 2024 and 58% higher than two years ago.

While this growth continues a long-standing trend, a closer look at industry and region-specific data highlights notable patterns, including continued high targeting of the education sector, and the most significant regional increase in attacks was seen across Europe.

Education Sector: Highest Volume of Attacks

In Q2, the top three most targeted sectors were:

• Education: 4,388 weekly cyber attacks per organisation (+31% YoY).
• Government: 2,632 weekly cyber attacks per organisation (+26% YoY).
• Telecommunications: 2,612 weekly cyber attacks per organisation (+38% YoY).

The surge in cyber attack numbers on the education sector reveals sustained pressure on this sector with attackers’ focus on possibly underfunded security defenses and the tempting wealth of student and staff credentials, ripe for exploitation. Government organisations remain attractive targets, with their sensitive data and ability to provide geopolitical leverage. Meanwhile, the telecommunications sector saw a significant increase, highlighting its critical role in national infrastructure, and the potential targeting of sensitive customer information.

ADVERTISEMENT

Regional Trends: Europe Reports the Highest Growth

In terms of regions, the top three in average weekly attacks per organisation were:

• Africa: 3,365 weekly cyber attacks per organisation (+14% YoY).
• APAC: 2,874 weekly cyber attacks per organisation (+15% YoY).
• Latin America: 2,803 weekly cyber attacks per organisation (+5% YoY).

While Europe’s average volume was not the highest, it did show the largest YoY increase, at 22%, indicating an upward trend in threat activity within the region, as attackers exploit geopolitical tensions, regulatory fragmentation and the region’s high concentration of highly valuable data. 

Ransomware by the Numbers

Based on public data from double-extortion “shame sites,” approximately 1,600 ransomware incidents were reported globally in Q2 2025. These disclosures provide visibility into some of the quarter’s most high-impact attacks.

The regional ransomware breakdown can be seen in the visual below, with North America accounting for 53% of the reported incidents, and Europe for  25%.

Note: Ransomware data is based on public disclosures from threat actor-controlled leak sites and may not reflect all incidents globally.

Business services, industrial manufacturing, and construction & engineering are the top three industries affected by ransomware. The table below shows the top 10 industries based on the “shame site” reportings.

Key Takeaways from Q2 2025

• Global attacks per organisation continued to climb, with a 21% increase YoY.
• The education sector continues to report the highest volume of attacks, more than double the global average.
• Europe experienced the highest YoY growth in regional attack volume.
• Ransomware activity remained prominent, with notable concentration in North America and Europe.

What to Watch Going Forward

As the cyber threat landscape continues to evolve, we’ll be closely tracking:

• Shifts in sector-specific targeting.
• Regional variances in attack volumes.
• Ongoing ransomware disclosures via public sources.

How Organisations Can Stay Protected

As cyber attacks grow in volume and reach, organisations need to be proactive, not reactive. A prevention-first strategy, supported by layered defenses and continuous visibility, remains key.

To better combat today’s threat landscape:

• Invest in threat prevention: Use advanced security technologies such as intrusion prevention systems (IPS), anti-ransomware tools, and threat intelligence to block attacks before they cause damage.
• Strengthen endpoint and network defenses: Implement robust firewalls, email security, and endpoint protection platforms to reduce attack surfaces.
• Promote user awareness: Run regular training and simulated phishing exercises to help employees recognise and report suspicious activity.
• Ensure backup and recovery readiness: Maintain up-to-date, segmented backups and test recovery processes regularly to limit downtime in the event of ransomware or other disruptions.
• Adopt zero trust principles: Continuously verify access permissions and segment networks to minimise lateral movement.
• Stay informed: Monitor threat intelligence feeds and industry alerts to anticipate emerging threats.

While no single solution can completely eliminate cyber risk, organisations can significantly enhance their resilience by implementing multiple coordinated layers of protection. This approach helps to reduce both the likelihood and impact of a successful attack. To stay updated on new threats and the continually evolving threat landscape, visit Check Point Research.