South African organisations were hit by an average of 2 065 cyber attacks per week in June, as cyber criminals stepped up activity globally and ransomware incidents surged by a third.
This is according to Check Point Research, the Threat Intelligence arm of Check Point Software Technologies.
Meanwhile, in January 2026, South African organisations faced an average of 2 145 cyber attacks per week. This marked a 3% increase from December 2025 and a 17% rise compared to January 2025.
According to Statista, global cyber crime costs reached $10.29 trillion in 2025 and will rise to approximately $16 trillion by 2029. The figures highlight the growing scale of cyber threats, which include ransomware, phishing, credential theft and fraud.
Checkpoint’s latest Global Threat Intelligence report shows organisations worldwide experienced an average of 2 270 attacks per week during June, representing a 10% increase from May and a 17% rise year-on-year.
While South Africa recorded fewer attacks than Angola, Nigeria and Kenya, the country remains among Africa's most targeted markets as threat actors continue to broaden their reach across industries.
Among the African countries tracked in the report, Angola recorded the highest number of attacks, averaging 4 890 cyber attacks per organisation per week, followed by Nigeria (4 361), Kenya (2 646) and South Africa (2 065).
Across Africa, organisations experienced an average of 3 008 attacks per week. Although this was down 9% compared to June 2025, the continent remained one of the world's most targeted regions. Government, energy and utilities, and financial services were the sectors most frequently targeted during the month.
“June’s data shows a broad rebound in cyber activity, not a single isolated spike,” says Ian van Rensburg, head of security engineering for Africa at Check Point Software Technologies.
“Attackers are widening their reach across countries and industries, while ransomware groups continue to reorganise and scale. Organisations need prevention-first, AI-driven security that protects networks, users, data and AI workflows before attacks can cause impact.”
Globally, the education sector remained the most targeted industry, with organisations facing an average of 4 816 cyber attacks per week, a 16% increase compared to June last year.
Government ranked second, with 2 836 weekly attacks, followed closely by telecommunications, with 2 835.
According to the report, schools and universities remain attractive targets because of open networks, large numbers of users and often limited cyber security resources.
Ransomware activity also accelerated during June, with 646 publicly reported victims, representing a 33% increase compared to the same month in 2025.
Business services accounted for 31% of ransomware victims, followed by consumer goods and services (16%) and industrial manufacturing (14%). Government organisations also made up a growing share of ransomware victims.
One of the biggest shifts was the emergence of The Gentlemen as the world's most active ransomware group. The gang was linked to 17% of published ransomware attacks, overtaking Qilin, which accounted for 11%.
Meanwhile, LockBit, once the dominant ransomware operation before international law enforcement action disrupted its activities, increased its share of attacks from 1% in May, to 7% in June, making it the third most active ransomware group.
The report says the rapid rise of The Gentlemen illustrates how quickly new ransomware-as-a-service operations can establish themselves by recruiting affiliates and exploiting existing access to compromised networks.
The AI factor
The research also highlights the growing security risks associated with enterprise use of generative AI (GenAI) tools.
According to Check Point, 3.9% of prompts submitted to GenAI platforms from corporate networks contained a high risk of exposing sensitive information. The company found that 85% of organisations using GenAI experienced high-risk prompt activity during the month.
Healthcare recorded the highest exposure rate at 5.7%, followed by telecommunications and business services at 5.1% each. Information technology organisations recorded an exposure rate of 4.1%.
Personal information was the most common type of sensitive data detected in prompts, followed by network infrastructure details, legal documents, financial information and employee records.

