Ransomware surges, genAI fuels data exposure as global cyber attacks intensify — Check Point report

Latin America Records Sharpest Rise as Nigeria Leads Africa in Weekly Attack Volume

Global cyber threats escalated sharply in December 2025, with ransomware growth, and regional concentration of attacks. This is in addition to rising enterprise data exposure linked to Generative AI redefining the digital risk landscape, according to Check Point Research, the threat intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP).

RELATED: Global cyberattacks surge to driven by ransomware and GenAI risks

The firm’s December 2025 Global Cyber Attack Statistics reveal that organisations worldwide faced sustained cyber pressure. Attacks averaged 2,027 per organisation per week , a 1% increase month-on-month and a 9% rise compared to December 2024.

Latin America Emerges as New Cybercrime Hotspot

Regionally, Latin America recorded the fastest growth in cyber attacks, with organisations experiencing an average of 3,065 attacks per week. This represents a 26% year-on-year increase, the highest of any region globally.

Africa, by contrast, recorded a year-on-year decline. This is reflecting what analysts describe as a shift in criminal focus rather than a reduction in threat intensity.

Among African countries tracked in the report, Nigeria topped the list with 4,622 weekly attacks per organisation, a 2% increase year-on-year. It was followed by Angola (4,002, -10%), Kenya (2,130, -41%), and South Africa (1,850, +17%).

ADVERTISEMENT

The most targeted industries on the continent were Financial Services, Transportation & Logistics, and Government.

“The data highlights how attackers are expanding operations into fast-digitising regions where security maturity varies significantly,” said Hendrik de Bruin, Head of Security Consulting at Check Point Software.

Ransomware Attacks Spike by 60%

Ransomware remained the most disruptive cyber threat globally, with 945 publicly reported incidents in December, marking a 60% increase compared to December 2024.

North America accounted for 52% of ransomware cases, followed by Europe at 23%, underlining the continued focus of cybercriminals on economically high-value regions.

“Cyber risk is no longer about isolated spikes, but continuous pressure,” said Omer Dembinsky, Data Research Manager at Check Point Research.
“Ransomware is scaling through industrialised operations, while unmanaged GenAI usage is creating widespread data exposure across enterprises.”

Education, Government and Nonprofits Under Heavy Fire

The Education sector remained the most targeted globally, facing an average of 4,349 cyber attacks per week, a 12% year-on-year increase.

The Government sector followed closely with 2,666 attacks per week, while Associations and Non-Profits recorded the second-highest growth rate across industries, at 56% year-on-year, with 2,509 attacks per week.

ADVERTISEMENT

Limited cybersecurity budgets, expanding digital footprints and ageing infrastructure continue to expose these sectors to heightened risk.

GenAI Adoption Creates New Data Security Blind Spots

The rapid enterprise adoption of Generative AI is introducing a new class of cybersecurity and data protection risks.

In December 2025 alone, Check Point Research found that:

• 1 in every 27 GenAI prompts posed a high risk of sensitive data leakage
• 91% of organisations using GenAI tools experienced high-risk prompt activity
• 25% of prompts contained potentially sensitive or confidential information
• Organisations used an average of 11 different GenAI tools
• The average enterprise user generated 56 prompts per month

Analysts warn that sensitive corporate data — including personally identifiable information (PII), internal IT assets and proprietary source code — is frequently uploaded to third-party GenAI platforms without adequate security controls.

With GenAI now embedded in daily business operations, the absence of clear governance frameworks is accelerating exposure to data loss and AI-enabled cyber threats.

Qilin Leads Ransomware Campaigns as RaaS Expands

Among ransomware operators, Qilin emerged as the most active group in December, responsible for 18% of publicly disclosed attacks. LockBit5 followed with 12%, while Akira accounted for 7%, continuing to target Windows, Linux and virtualised ESXi environments.

The rapid expansion of Ransomware-as-a-Service (RaaS) models is lowering barriers for cybercriminals and accelerating the global spread of ransomware operations.

Cybersecurity Outlook: Persistent Risks into 2026

Check Point’s data shows that organisations are entering 2026 facing structural, not temporary, cyber risk — driven by relentless ransomware pressure and systemic GenAI-related data exposure.

“Strengthening ransomware resilience, deploying AI-powered prevention tools and enforcing clear GenAI governance will be critical to reducing cyber risk in the year ahead,” de Bruin said.