Feb 16: Check Point Software Technologies Ltd., a global leader in cyber security solutions, today announced the release of its Cyber Security Report 2026, marking the company’s 14th annual analysis of global cyber attack trends.
The report reveals that organizations worldwide experienced an average of 1,968 cyber attacks per week in 2025, representing a 70% increase since 2023, as attackers increasingly leverage automation and artificial intelligence (AI) to scale operations, accelerate reconnaissance, and execute coordinated campaigns across multiple attack surfaces.
In India, the weekly average cyber attacks stood at 3,195 per organization in 2025, reflecting a 2% increase compared to 2024.
Education Most Targeted Sector in India
The report highlights that Education was the most heavily targeted sector in India in 2025, recording 7,684 weekly attacks per organization. Other heavily targeted industries included:
- Government: 4,912
- Business Services: 3,747
- Construction & Engineering: 3,671
- Consumer Goods & Services: 3,658
- Energy & Utilities: 3,116
- Telecommunications: 3,002
- Financial Services: 2,459
- Industrial Manufacturing: 2,332
- Software: 2,328
AI Reshapes the Cyber Threat Landscape
According to the report, AI is driving one of the fastest security shifts the industry has experienced. Capabilities once limited to highly resourced threat actors are now widely accessible, enabling more personalized, coordinated, and scalable attacks against organizations of all sizes.
“AI is changing the mechanics of cyber attacks, not just their volume,” said Lotem Finkelstein, VP of Research at Check Point Software. “We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate.”
Key Findings from Cyber Security Report 2026
The report identifies a clear shift toward integrated, multi-channel campaigns combining human deception with machine-speed automation:
AI-Driven Attacks Become More Autonomous
AI is increasingly embedded across attack workflows. Over a three-month period, 89% of organizations encountered risky AI prompts, with approximately 1 in every 41 prompts classified as high risk, exposing new vulnerabilities as AI tools become embedded in business workflows.
Ransomware Ecosystem Expands and Fragments
Ransomware operations have decentralized into smaller, specialized groups, contributing to a 53% year-over-year increase in extorted victims and a 50% rise in ransomware-as-a-service groups. AI is now being used to accelerate targeting and negotiation processes.
Social Engineering Moves Beyond Email
Attackers are coordinating campaigns across email, web, phone, and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users, while phone-based impersonation evolved into structured enterprise intrusion attempts.
Edge and Infrastructure Vulnerabilities Grow
Unmonitored edge devices, VPN appliances, and IoT systems are increasingly exploited as stealth entry points, blending malicious activity with legitimate traffic.
AI Infrastructure Risks Increase
An analysis by Lakera, a Check Point company, found security weaknesses in 40% of 10,000 Model Context Protocol (MCP) servers reviewed, highlighting emerging risks as AI systems and agents become embedded in enterprise environments.
Recommendations for Security Leaders
The report emphasizes that defending against AI-driven threats requires structural changes in how security is designed and enforced. Check Point recommends organizations:
- Revalidate Security Foundations for the AI Era: Reassess controls across networks, endpoints, cloud, email, and SASE to stop coordinated AI-driven attacks early.
- Enable AI Adoption Securely: Apply governance and visibility across sanctioned and unsanctioned AI usage to mitigate high-risk prompts and data leakage.
- Protect the Digital Workspace: Secure email, browsers, collaboration platforms, SaaS applications, and voice channels where AI-driven automation and human trust intersect.
- Harden Edge and Infrastructure: Actively inventory and secure VPNs, IoT devices, and edge systems to reduce hidden exposure.
- Adopt a Prevention-First Approach: Stop threats before lateral movement, data loss, or extortion occurs.
- Unify Visibility Across Hybrid Environments: Maintain consistent enforcement across on-premises, cloud, and edge ecosystems to reduce blind spots.