Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), today released its Global Threat Intelligence insights for January 2026, revealing that organisations worldwide each faced an average of 2,090 cyber-attacks per week.
This represents a 3% increase from December and a 17% rise year-over-year, confirming continued escalation in global cyber pressure driven by intensified ransomware activity and widening exposure linked to the expanded use of Generative AI (GenAI) tools.
Among the four African countries included in the January insights, Nigeria had the highest number of attacks at 4,701 per organisation per week, a 12% YoY increase. This was up from 4 622 in December 2025. Angola followed with 4,512 attacks per organisation per week, down 7% from the same period last year. Kenya recorded 2,172 attacks per organisation per week, a 41% decrease from the same period last year. South African organisations were attacked 2,145 times per week, up 36% YoY.
Overall, Africa saw 2,864 attacks per organisation per week (−6% YoY). These attacks targeted a broad range of industries, with Government, Financial Services, and Consumer Goods and Services as the top three most targeted.
“January’s data shows that cyber-attacks are not only increasing but becoming more refined and opportunistic,” says Ian van Rensburg, Head: Security Engineering - Africa at Check Point Software Technologies.
This data is a red flag for African organisations focused on rapid digital transformation, to ensure their cybersecurity hygiene matches the rollout of their technology. Unchecked GenAI usage is opening new blind spots for organisations.
"Prevention-first, real-time protection powered by AI is the only effective way to stop attacks before they cause operational or financial damage,” he adds
GenAI adoption drives new data exposure risks while education remains the top target
The rapid adoption of GenAI tools across enterprises continues to introduce high-risk data leakage pathways. On 1 January, every 30 GenAI prompts submitted from corporate networks posed a significant risk of sensitive data exposure, impacting 93% of organisations using GenAI tools.
An additional share of prompts contained potentially sensitive information, including internal documents, personal identifiers, customer information, and proprietary source code. Organisations used an average of 10 different GenAI tools per month, many of which are likely unmanaged and operating outside formal governance structures, increasing the likelihood of accidental data spillover, ransomware infiltration, and AI-powered cyberattacks.
The education sector remained the most attacked globally, with institutions averaging 4,364 weekly attacks per organisation (+12% YoY). Government entities followed with 2,759 weekly attacks (+8% YoY). Telecommunications rose to third place, facing 2,647 attacks per week (+8% YoY), reflecting intensifying targeting of connectivity-driven infrastructures and 5G-enabled ecosystems.
Regionally, Latin America recorded the highest attack volumes, averaging 3,110 attacks per organisation per week (+33% YoY). APAC followed with 3,087 attacks (+7% YoY), Africa saw 2,864 (−6% YoY), Europe rose 18%, and North America increased 19% year-over-year.
Ransomware threat landscape: Activity rises 10% year-over-year
Ransomware remained one of the most destructive threats in January, with 678 publicly reported incidents, marking a 10% increase compared to January 2025. North America accounted for 52% of all known cases, followed by Europe at 24%, confirming that attackers remain focused on high-value economic regions. The United States alone represented 48% of global ransomware victims, followed by the United Kingdom (5%), Canada (4%), Germany (4%), Italy (3%), and Spain (3%).
Across industries globally, Business Services was the most impacted (33%), followed by Consumer Goods & Services (15%) and Industrial Manufacturing (11%), sectors where operational continuity is highly critical and disruption yields substantial leverage for extortion.
The leading ransomware groups in January were Qilin (15%), LockBit (12%), and Akira (9%), collectively responsible for a significant share of victim disclosures.
For more insights into January 2026 cyber trends, visit the Check Point Research Blog
