Check Point Research shows Africa most targeted region for cyber attacks in September with Gen AI surge

Check Point Research shows Africa most targeted region for cyber attacks in September with Gen AI surge.

Continent's organisations face an average of 2, 902 attacks per week, with telcos, government and consumer goods and services among the most targeted industry sectors.

Johannesburg, South Africa – October 09, 2025 Check Point Research, the threat intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cyber security solutions, today released its Global Threat Intelligence Report for September 2025, showing once again Africa as being the most targeted region for cyber attacks, with an average of 2,902 attacks per organisation per week. Telecommunications, government, and consumer goods and services led in terms of industries most targeted on the continent.

Angola was the most attacked in September with 3,045 weekly attacks per organisation (-54% YoY), followed by Kenya with 3,000 (-21% YoY), Nigeria with 2,749 (-32% YoY) and South Africa with 2054 (+26% YoY).

The report also shows that organisations worldwide each faced an average of 1,900 cyberattacks per week.

"As Africans, we are deeply concerned about the continent's vulnerability to cyber attacks. Especially as many of the attacks in September were prompted by the use of Generative AI," says Lorna Hardie, Regional Director: Africa, Check Point Software Technologies.

"The only sustainable defense is a prevention-first strategy powered by real-time AI, ensuring protection across the network, cloud, endpoints, and identities. Only through this approach can organisations stay ahead and protect critical operations from relentless adversaries,” she adds.

GenAI Introduces New Data Exposure Risks while Education Sector Still Most Targeted

With the rising use of Generative AI (GenAI) across all sectors, Check Point Research identified emerging risk from GenAI adoption: 1 in every 54 GenAI prompts from enterprise environments posed a high risk of sensitive data leakage, impacting 91% of organisations that use GenAI tools regularly.

An additional 15% of prompts contained potentially sensitive information, such as customer details, proprietary code, or internal communications, underscoring the growing need for AI governance and data protection measures.

Looking at impact on the sectors - the education sector once again was the most targeted globally, experiencing an average of 4,175 weekly attacks per organisation in September (–3% YoY). This consistent targeting reflects both the sector’s rapid digital transformation — which expands its attack surface — and its typically underfunded cyber security defenses, which make it a frequent and easy target for cybercriminals.

The telecommunications industry, vital to business continuity and consumer connectivity, suffered 2,703 weekly attacks per organisation (+6% YoY), highlighting its dual role as critical infrastructure and an access point to downstream targets. Government institutions, a long-standing focus for both criminal and nation-state actors, recorded 2,512 weekly attacks (–6% YoY).

While regionally, Africa reported the highest average number of weekly cyberattacks per organisation, no continent was spared. Latin America had an average of 2,826 per organisation per week (+7% YoY), APAC 2,668 (–10% YoY) with Europe registering 1,577 weekly attacks (–1% YoY), while North America stood out with a 17% year-over-year surge to 1,468 weekly attacks, driven in part by a sharp increase in ransomware incidents.

Ransomware Threat Landscape: North America Leads in Attack Growth

Ransomware remained one of the most disruptive and financially damaging cyber threats, with 562 publicly reported incidents globally in September, up 46% year-over-year. North America was the most affected region, accounting for 54% of reported cases, followed by Europe (19%).

By industry, the Construction & Engineering sector was the most impacted sector by ransomware, representing 11.4% of reported victims, closely followed by Business Services (11%) and Industrial Manufacturing (10.1%). Other sectors, including Financial Services, Healthcare, and Consumer Goods, were also significantly affected, illustrating ransomware’s broadening scope.

Leading ransomware groups included Qilin (14.1% of attacks), Play (9.3%), and Akira (7.3%). Qilin, one of the most established RaaS (Ransomware-as-a-Service) groups, continues to expand aggressively, while Play and Akira are increasingly targeting critical sectors like manufacturing and business services using Rust-based encryptors and advanced runtime controls.

Omer Dembinsky, Data Research Manager at Check Point Research, says “September’s threat data shows that while the overall volume of attacks has eased slightly, the impact and sophistication of cyber threats are intensifying. Ransomware remains the most destructive force, while the emergence of GenAI-related data leakage adds a new dimension of risk for organisations. Cybercriminals will likely seek to exploit every innovation faster than users can adapt."

For the full September 2025 Global Threat Intelligence Report and additional insights, visit the Check Point Blog.

Follow Check Point via:

LinkedIn: https://www.linkedin.com/company/check-point-software-technologies  

X: https://www.twitter.com/checkpointsw 

Facebook: https://www.facebook.com/checkpointsoftware 

Blog: https://blog.checkpoint.com  

YouTube: https://www.youtube.com/user/CPGlobal 

About Check Point Research

Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyses global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading protector of digital trust, utilising AI-powered cyber security solutions to safeguard over 100,000 organisations globally. Through its Infinity Platform and an open garden ecosystem, Check Point’s prevention-first approach delivers industry-leading security efficacy while reducing risk. Employing a hybrid mesh network architecture with SASE at its core, the Infinity Platform unifies the management of on-premises, cloud, and workspace environments to offer flexibility, simplicity and scale for enterprises and service providers.

Legal Notice Regarding Forward-Looking Statements

This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point’s industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialise, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on April 2, 2024. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.