Global Cyber Attacks Rise in January 2026 as Ransomware Activity Increases and GenAI-Driven Data Exposure Expands

Global Cyber Attacks Rise in January 2026 as Ransomware Activity Increases and GenAI-Driven Data Exposure Expands

New findings reveal mounting pressure on global networks as attackers sharpen their tactics – African countries remain vulnerable

Johannesburg, SA – February 11 2026 – Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), today released its Global Threat Intelligence insights for January 2026, revealing that organisations worldwide each faced an average of 2,090 cyber-attacks per week.

This represents a 3% increase from December and a 17% rise year-over-year, confirming continued escalation in global cyber pressure driven by intensified ransomware activity and widening exposure linked to the expanded use of Generative AI (GenAI) tools.

Among the four African countries included in the January insights, Nigeria had the highest number of attacks at 4,701 per organisation per week, a 12% YoY increase. This was up from 4 622 in December 2025. Angola followed with 4,512 attacks per organisation per week, down 7% from the same period last year.  Kenya had 2,172 attacks per organisation per week, a decrease of 41% from the same period last year.  South African organisations were attacked 2,145 times per week, up 36% YoY. 

Overall, Africa saw 2,864 attacks per organisation per week (−6% YoY). These attacks were focused on a broad spectrum of industries, with Government, Financial Services, and Consumer Goods and Services being the top three most targeted.

“January’s data shows that cyber-attacks are not only increasing but becoming more refined and opportunistic,” says Ian van Rensburg, Head: Security Engineering - Africa at Check Point Software Technologies.   

This data is a red flag for African organisations focused on rapid digital transformation, to ensure their cyber security hygiene matches the rollout of their technology. Unchecked GenAI usage is opening new blind spots for organisations.

Prevention-first, real-time protection powered by AI is the only effective way to stop attacks before they cause operational or financial damage,” he adds

GenAI Adoption Drives New Data Exposure Risks while Education Remains the Top Target

The rapid adoption of GenAI tools across enterprises continues to introduce high-risk data leakage pathways. In January 1 in every 30 GenAI prompts submitted from corporate networks posed a significant risk of sensitive data exposure, impacting 93% of organisations using GenAI tools.

An additional share of prompts contained potentially sensitive information, including internal documents, personal identifiers, customer information, and proprietary source code. Organisations used an average of 10 different GenAI tools per month, many of which are likely unmanaged and operating outside formal governance structures, increasing the likelihood of accidental data spillover, ransomware infiltration, and AI-powered cyber-attacks.

The Education sector remained the most attacked globally, with institutions averaging 4,364 weekly attacks per organisation (+12% YoY). Government entities followed with 2,759 weekly attacks (+8% YoY). Telecommunications rose to third place, facing 2,647 attacks per week (+8% YoY), reflecting intensifying targeting of connectivity-driven infrastructures and 5G-enabled ecosystems.

Regionally, Latin America recorded the highest attack volumes, averaging 3,110 attacks per organisation per week (+33% YoY). APAC followed with 3,087 attacks (+7% YoY), Africa saw 2,864 (−6% YoY), Europe rose 18%, and North America increased 19% year-over-year.

Ransomware Threat Landscape: Activity Rises 10% Year-over-Year

Ransomware remained one of the most destructive threats in January, with 678 publicly reported incidents, marking a 10% increase compared to January 2025. North America accounted for 52% of all known cases, followed by Europe at 24%, confirming that attackers remain focused on high-value economic regions. The United States alone represented 48% of global ransomware victims, followed by the United Kingdom (5%), Canada (4%), Germany (4%), Italy (3%), and Spain (3%).

Across industries globally, Business Services was the most impacted (33%), followed by Consumer Goods & Services (15%) and Industrial Manufacturing (11%), sectors where operational continuity is highly critical and disruption yields substantial leverage for extortion.

The leading ransomware groups in January were Qilin (15%), LockBit (12%), and Akira (9%), collectively responsible for a significant share of victim disclosures.

For more insights into January 2026 cyber trends, visit the Check Point Research Blog

Check Point on LinkedIn, X (formerly Twitter), Facebook, YouTube  and our blog.  

About Check Point Software Technologies Ltd. 

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading protector of digital trust, utilising AI-powered cyber security solutions to safeguard over 100,000 organisations globally. Through its Infinity Platform and an open garden ecosystem, Check Point’s prevention-first approach delivers industry-leading security efficacy while reducing risk. Employing a hybrid mesh network architecture with SASE at its core, the Infinity Platform unifies the management of on-premises, cloud, and workspace environments to offer flexibility, simplicity and scale for enterprises and service providers.