Check Point Research, the threat intelligence arm of Check Point® Software Technologies Ltd., today released its Global Threat Intelligence insights for June 2026, revealing that organisations worldwide experienced an average of 2,270 cyber attacks per week, representing a 10% increase month on month and a 17% increase year on year. Among the four African countries included in the insights, Angola remained the most attacked country, with 4 890 attacks per organisation per week, followed by Nigeria at 4 361, Kenya at 2 646, and South Africa at 2 065.
Latin America remained the most attacked region, with organisations reporting an average of 3,501 weekly attacks, a 27% increase compared with June 2025. APAC followed at 3,060 weekly attacks, up 5%, while Africa recorded 3,008 weekly attacks, down 9% year on year but still among the highest-volume regions globally. Government, Energy and Utilities, and Financial Services were the most-attacked sectors in Africa in June.
“June’s data shows a broad rebound in cyber activity, not a single isolated spike,” said Ian van Rensburg, Head: Security Engineering Africa, Check Point Software Technologies. “Attackers are widening their reach across countries and industries, while ransomware groups continue to reorganise and scale. The rise of The Gentlemen to the top of the ransomware leaderboard is a clear reminder that new operators can rapidly become major global threats. Organisations need prevention-first, AI-driven security that protects networks, users, data, and AI workflows before attacks can cause impact.”
Education, government and telecommunications globally remain the most targeted industries
In June, Education remained the most targeted sector globally, with organisations facing an average of 4,816 weekly attacks, a 16% increase compared with June 2025. Open campus networks, constant device turnover and constrained security resources continue to make schools and universities attractive targets for threat actors.
Government followed with 2,836 weekly attacks, up 5% year on year, while Telecommunications ranked third with 2,835 weekly attacks, a 13% increase. Together, these three sectors continue to absorb a disproportionate share of global attack volume, reinforcing a pattern that has remained consistent across recent months.
GenAI exposure holds steady as healthcare and telecommunications carry the highest risk
GenAI-related exposure remained a persistent enterprise risk in June. Check Point Research found that one in every 26 GenAI prompts submitted from enterprise networks carried a high risk of sensitive data leakage, equal to a global exposure rate of 3.9%. High-risk prompt activity affected 85% of organisations that regularly use GenAI tools, while a further 27% of prompts contained potentially sensitive information. Each organisation used an average of seven different GenAI tools over the past month, and the average user generated 78 prompts.
Latin America recorded the highest GenAI exposure rate with 5.2% of prompts carrying a high risk of sensitive data leakage, well above the global benchmark, while Europe matched the global average at 3.9%. By industry, Healthcare and Medical carried the highest exposure at 5.7%, followed by Telecommunications and Business Services at 5.1% each, and Information Technology at 4.1%. Personal data appeared across 80% of affected organisations, followed by network and infrastructure details, legal and regulatory material, financial data, and employee records, showing that GenAI exposure cuts across multiple business functions.
Ransomware keeps climbing, with business services in the crosshairs
Ransomware attacks totaled 646 in June, a 33% increase compared with the same month in 2025. Business Services remained the most affected industry, accounting for 31% of reported victims, followed by Consumer Goods and Services at 16% and Industrial Manufacturing at 14%. Government also continued to rise as a share of ransomware victims, increasing from 4.0% in April to 5.4% in June.
Notably, APAC saw a sharp rise in the number of victims, surpassing Europe and becoming the second most impacted region following North America.
The Gentlemen overtakes Qilin as the most active ransomware group
The most significant ransomware shift in June came at the group level. The Gentlemen became the most prevalent ransomware group, responsible for 17% of published attacks, overtaking Qilin, which accounted for 11%. LockBit also recorded a notable increase, rising from 1% of published attacks in May to 7% in June, making it the third most prevalent group. The Gentlemen’s rapid rise reflects the continued ability of emerging ransomware-as-a-service operations to scale quickly through affiliate recruitment, pre-positioned access and evolving evasion techniques.
For more insights into June 2026 cyber threat trends, visit the Check Point Research Blog.