Check Point Software’s 2026 Cyber Security Report Shows Global Attacks Reach Record Levels as AI Accelerates the Threat Landscape

Check Point Software’s 2026 Cyber Security Report Shows Global Attacks Reach Record Levels as AI Accelerates the Threat Landscape

Organisations face nearly 2,000 cyber attacks per week as attackers combine automation, AI, and social engineering across multiple channels

Johannesburg, SA. January 28, 2026 -- Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cyber security solutions, today released its Cyber Security Report 2026, the company’s 14th annual analysis of global cyber attack trends.

The report reveals that organisations experienced an average of 1,968 cyber attacks per week in 2025, representing a 70% increase since 2023, as attackers increasingly leverage automation and AI to move faster, scale more easily, and operate across multiple attack surfaces simultaneously.

AI is driving one of the fastest security shifts the industry has experienced, forcing organisations to reassess long-standing assumptions about how attacks originate, spread, and are stopped. Capabilities once limited to highly resourced threat actors are now widely accessible, enabling more personalised, coordinated, and scalable attacks against organisations of all sizes.

“AI is changing the mechanics of cyber attacks, not just their volume,” said Lotem Finkelstein, VP of Research at Check Point Software. “We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate.”

Key Findings from the Cyber Security Report 2026

The report highlights a clear shift toward integrated, multi-channel attack campaigns that combine human deception with machine-speed automation:

AI-Driven Attacks Become More Autonomous: AI is increasingly embedded across attack workflows, accelerating reconnaissance, social engineering, and operational decision-making. During a three-month period, 89% of organisations encountered risky AI prompts, with approximately one in every 41 prompts classified as high risk, exposing new risks as AI becomes embedded in everyday business workflows.Ransomware Operations Continue to Fragment and Scale: The ransomware ecosystem has decentralised into smaller, specialized groups, contributing to a53 % year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups. AI is now being used to accelerate targeting, negotiation, and operational efficiency.Social Engineering Expands Beyond Email: Attackers are increasingly coordinating campaigns across email, web, phone, and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users, while phone-based impersonation evolved into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms, and collaboration tools, the digital workspace is emerging as a critical trust layer for attackers to exploit.Edge and Infrastructure Weaknesses Increase Exposure: Unmonitored edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points to blend into legitimate network traffic. New Risks Emerge in AI Infrastructure: An analysis conducted by Lakera, a Check Point company, identified security weaknesses in 40% of 10,000 Model Context Protocol (MCP) servers reviewed, highlighting growing exposure as AI systems, models, and agents become embedded in enterprise environments.

Recommendations for Security Leaders

The Cyber Security Report 2026 shows that defending against AI-driven threats requires rethinking how security is designed and enforced, not simply reacting faster. Based on the trends observed, Check Point recommends that organizations:

Revalidate Security Foundations for the AI Era: AI-driven attacks exploit speed, automation, and trust across environments not built for machine-paced threats. Organizations should reassess controls across networks, endpoints, cloud, email, and SASE to stop autonomous, coordinated attacks early.Enable AI Adoption Securely: As AI becomes embedded in daily workflows, blocking its use can increase risk. Security teams should apply governance and visibility to sanctioned and unsanctioned AI usage to reduce exposure from high-risk prompts, data leakage, and misuse.Protect the Digital Workspace: Social engineering now spans email, browsers, collaboration tools, SaaS applications, and voice channels. Security strategies must protect the workspace where human trust and AI-driven automation intersect.Harden Edge and Infrastructure: Unmonitored edge devices, VPN appliances, and IoT systems are increasingly exploited as stealthy entry points. Actively inventorying and securing these assets helps reduce hidden exposure and attacker persistence.Adopt a Prevention-First Approach: With attacks operating at machine speed, prevention-led security is essential to stop threats before lateral movement; data loss, or extortion can occur.Unify Visibility Across Hybrid Environments: Consistent visibility and enforcement across on-premises, cloud, and edge environments reduce blind spots, lower complexity, and strengthen resilience.

Availability

The full Cyber Security Report 2026 is available for download here. Check Point will also host a livestream discussing key findings and recommendations from the report.

Follow Check Point on LinkedIn, X (formerly Twitter), Facebook, YouTube and our blog. 

About Check Point Software Technologies Ltd.  

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading protector of digital trust, utilizing AI-powered cyber security solutions to safeguard over 100,000 organizations globally. Through its Infinity Platform and an open garden ecosystem, Check Point’s prevention-first approach delivers industry-leading security efficacy while reducing risk. Employing a hybrid mesh network architecture with SASE at its core, the Infinity Platform unifies the management of on-premises, cloud, and workspace environments to offer flexibility, simplicity and scale for enterprises and service providers.

Legal Notice Regarding Forward-Looking Statements 

This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point’s industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on March 17, 2025. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.