Organisations experienced an average of 1 968 cyber attacks per week in 2025, representing a 70% increase since 2023, as attackers increasingly leverage automation and AI to move faster, scale more easily and operate across multiple attack surfaces simultaneously.
This is according to the Check Point Software Technologies’ 14th annual Cyber Security Report 2026.
The report states that AI is driving one of the fastest security shifts the industry has experienced, forcing organisations to reassess long-standing assumptions about how attacks originate, spread and are stopped.
Capabilities once limited to highly resourced threat actors are now widely accessible, enabling more personalised, co-ordinated and scalable attacks against organisations of all sizes, it adds.
It also highlights a clear shift towards integrated, multi-channel attack campaigns that combine human deception with machine-speed automation.
Key findings of the report include:
- AI-driven attacks become more autonomous: AI is increasingly embedded across attack workflows, accelerating reconnaissance, social engineering and operational decision-making. During a three-month period, 89% of organisations encountered risky AI prompts, with approximately one in every 41 prompts classified as high risk, exposing new risks as AI becomes embedded in everyday business workflows.
- Ransomware operations continue to fragment and scale: The ransomware ecosystem has decentralised into smaller, specialised groups, contributing to a 53% year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups. AI is now being used to accelerate targeting, negotiation and operational efficiency.
- Social engineering expands beyond e-mail: Attackers are increasingly co-ordinating campaigns across e-mail, web, phone and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users, while phone-based impersonation evolved into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms and collaboration tools, the digital workspace is emerging as a critical trust layer for attackers to exploit.
- Edge and infrastructure weaknesses increase exposure: Unmonitored edge devices, VPN appliances and IOT systems are increasingly used as operational relay points to blend into legitimate network traffic.
- New risks emerge in AI infrastructure: An analysis conducted by Check Point company Lakera identified security weaknesses in 40% of 10 000 Model Context Protocol (MCP) servers reviewed, highlighting growing exposure as AI systems, models and agents become embedded in enterprise environments.
Lotem Finkelstein, VP of Research at Check Point Software, said: “AI is changing the mechanics of cyber attacks, not just their volume. We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate.”
AI-generated deception
These global findings are similar to what Africa is experiencing as outlined in the Check Point African Perspectives on Cyber Security Report 2025, which listed agentic AI deployed ahead of governance frameworks as among the top cyber security trends this year.
It adds that in the continent’s mobile-first economy, AI-generated deception is now the fastest-growing cyber threat.
According to the report, African organisations face an average of 3 153 cyber attacks per week – 60% higher than the global average – placing the continent at a critical intersection between accelerated AI adoption and escalating systemic risk.
The Cyber Security Report 2026 highlights that AI-driven threats require a fundamental shift in how security is designed and enforced, rather than faster reaction alone.
Check Point advises organisations to strengthen core security controls to counter machine-paced, autonomous attacks, while enabling AI adoption through governance and visibility to reduce misuse and data leakage.
Protection must extend across the digital workspace, where social engineering now spans multiple communication and collaboration channels. Reducing risk also requires hardening edge and infrastructure assets that are increasingly exploited as covert entry points.
The company advocates a prevention-first strategy, combined with unified visibility across hybrid environments, is essential to minimise blind spots, limit attacker movement and improve overall resilience.
Share