In January 2026, South African organisations faced an average of 2 145 cyber attacks per week, a 36% increase year-on-year (YOY).
This is according to Check Point Research, the Threat Intelligence arm of Check Point Software Technologies, in its Global Threat Intelligence insights for January 2026, which reveals organisations worldwide each faced an average of 2 090 cyber attacks per week.
This marks a 3% increase from December and a 17% rise compared to January 2025. This growth reflects a landscape increasingly shaped by the expansion of ransomware activity and mounting data‑exposure risks driven by widespread generative artificial intelligence (GenAI) adoption, Check Point explains.
Among the four African countries included in the January insights, Nigeria had the highest number of attacks at 4 701 per organisation per week, a 12% YOY increase. This was up from 4 622 in December 2025.
Angola followed with 4 512 attacks per organisation per week, down 7% from the same period last year. Kenya had 2 172 attacks per organisation per week, a decrease of 41% from the same period last year.
Overall, Africa saw 2 864 attacks per organisation per week (−6% YOY). Check Point explains that these attacks were focused on a broad spectrum of industries, with government, financial services, as well as consumer goods and services being the top three most targeted.
“January’s data shows that cyber attacks are not only increasing but becoming more refined and opportunistic,” says Ian Jansen van Rensburg, head of security engineering for Africa at Check Point Software Technologies.
“This data is a red flag for African organisations focused on rapid digital transformation, to ensure their cyber security hygiene matches the rollout of their technology. Unchecked GenAI usage is opening new blind spots for organisations.
“Prevention-first, real-time protection powered by AI is the only effective way to stop attacks before they cause operational or financial damage,” he adds.
According to Check Point, the rapid adoption of GenAI tools across enterprises continues to introduce high-risk data leakage pathways.
The firm states that in January, one in every 30 GenAI prompts submitted from corporate networks posed a significant risk of sensitive data exposure, impacting 93% of organisations using GenAI tools.
An additional share of prompts contained potentially sensitive information, including internal documents, personal identifiers, customer information and proprietary source code, it adds.
Check Point notes that organisations used an average of 10 different GenAI tools per month, many of which are likely unmanaged and operating outside formal governance structures, increasing the likelihood of accidental data spill-over, ransomware infiltration and AI-powered cyber attacks.
Globally, the education sector remained the most attacked, with institutions averaging 4 364 weekly attacks per organisation (+12% YOY).
Government entities followed, with 2 759 weekly attacks (+8% YOY). Telecommunications rose to third place, facing 2 647 attacks per week (+8% YOY), reflecting intensifying targeting of connectivity-driven infrastructures and 5G-enabled ecosystems.
Regionally, Latin America recorded the highest attack volumes, averaging 3 110 attacks per organisation per week (+33% YOY). Asia-Pacific followed with 3 087 attacks; Europe rose 18% and North America increased 19% YOY.
Check Point notes that ransomware remained one of the most destructive threats in January, with 678 publicly reported incidents, marking a 10% increase compared to January 2025.
North America accounted for 52% of all known cases, followed by Europe at 24%, confirming that attackers remain focused on high-value economic regions, it says. The US alone represented 48% of global ransomware victims, followed by the UK (5%), Canada (4%), Germany (4%), Italy (3%) and Spain (3%).
Across industries globally, the business services sector was the most impacted (33%), followed by consumer goods and services (15%), and industrial manufacturing (11%). These are sectors where operational continuity is highly-critical and disruption yields substantial leverage for extortion.
The leading ransomware groups in January were Qilin (15%), LockBit (12%) and Akira (9%), collectively responsible for a significant share of victim disclosures, Check Point reveals.
Share