Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd, a pioneer and global leader in cyber security solutions, today released its Global Threat Intelligence Report for September 2025, showing that organizations worldwide each faced an average of 1,900 cyberattacks per week. While this marked a 4% decrease from August, it represented a 1% increase year-over-year, confirming that global cyber threats remain at historically elevated levels despite periodic fluctuations.
GenAI Introduces New Data Exposure Risks while Education Sector Still Most Targeted
With the rising use of Generative AI (GenAI) across all sectors, Check Point Research identified emerging risk from GenAI adoption: 1 in every 54 GenAI prompts from enterprise environments posed a high risk of sensitive data leakage, impacting 91% of organizations that use GenAI tools regularly. An additional 15% of prompts contained potentially sensitive information, such as customer details, proprietary code, or internal communications, underscoring the growing need for AI governance and data protection measures.
Looking at impact on the sectors – the education sector once again was the most targeted globally, experiencing an average of 4,175 weekly attacks per organization in September (–3% YoY). This consistent targeting reflects both the sector’s rapid digital transformation — which expands its attack surface — and its typically underfunded cyber security defenses, which make it a frequent and easy target for cybercriminals.
The telecommunications industry, vital to business continuity and consumer connectivity, suffered 2,703 weekly attacks per organization (+6% YoY), highlighting its dual role as critical infrastructure and an access point to downstream targets. Government institutions, a long-standing focus for both criminal and nation-state actors, recorded 2,512 weekly attacks (–6% YoY).
Regionally, Africa reported the highest average number of weekly cyberattacks per organization, with 2,902 (–10% YoY), followed by Latin America (2,826, +7% YoY) and APAC (2,668, –10% YoY). Europe registered 1,577 weekly attacks (–1% YoY), while North America stood out with a 17% year-over-year surge to 1,468 weekly attacks, driven in part by a sharp increase in ransomware incidents.
Ransomware Threat Landscape: North America Leads in Attack Growth
Ransomware remained one of the most disruptive and financially damaging cyber threats, with 562 publicly reported incidents globally in September, up 46% year-over-year. North America was the most affected region, accounting for 54% of reported cases, followed by Europe (19%). The United States alone represented 52% of all published ransomware cases, followed by Korea (5%) and the United Kingdom (4%).
By industry, the Construction & Engineering sector was the most impacted sector by ransomware, representing 11.4% of reported victims, closely followed by Business Services (11%) and Industrial Manufacturing (10.1%). Other sectors, including Financial Services, Healthcare, and Consumer Goods, were also significantly affected, illustrating ransomware’s broadening scope.
Leading ransomware groups included Qilin (14.1% of attacks), Play (9.3%), and Akira (7.3%). Qilin, one of the most established RaaS (Ransomware-as-a-Service) groups, continues to expand aggressively, while Play and Akira are increasingly targeting critical sectors like manufacturing and business services using Rust-based encryptors and advanced runtime controls.
Omer Dembinsky, Data Research Manager at Check Point Research, says “September’s threat data shows that while the overall volume of attacks has eased slightly, the impact and sophistication of cyber threats are intensifying. Ransomware remains the most destructive force, while the emergence of GenAI-related data leakage adds a new dimension of risk for organizations. Cybercriminals will likely seek to exploit every innovation faster than users can adapt. The only sustainable defense is a prevention-first strategy powered by real-time AI, ensuring protection across the network, cloud, endpoints, and identities. Only through this approach can organizations stay ahead and protect critical operations from relentless adversaries.”
For the full September 2025 Global Threat Intelligence Report and additional insights, visit the Check Point Blog.
Follow Check Point via:
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
X: https://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
