Global cyber attacks increased in January 2026

New findings reveal growing pressure on global networks as attackers refine their tactics and ransomware activity increases and GenAI-driven data exposure expands.

Check Point Research, the Threat Intelligence division of Check Point Software Technologies Ltd. released its January Global Threat Intelligence report, which reveals that organizations around the world faced an average of 2,090 cyberattacks per week. This represents an increase of 3% from December and 17% year-on-year, confirming the continued rise in global cyber pressure driven by intensifying ransomware activity and growing exposure linked to the widespread use of Generative AI (GenAI) tools.

“January data shows that cyberattacks are not only increasing, but becoming more refined and opportunistic,” said Omer Dembinsky, Data Research Manager at Check Point Research. Ransomware operators are accelerating their campaigns, while the uncontrolled use of GenAI is opening new blind spots for organizations. Real-time, prevention-first, AI-powered protection is the only effective way to stop attacks before they cause operational or financial damage.

GenAI Adoption Creates New Data Exposure Risks

The rapid adoption of GenAI tools in enterprises continues to present high-risk data leak avenues. In January, 1 in 30 GenAI requests sent from corporate networks represented a significant risk of sensitive data exposure, affecting 93% of organizations using them. An additional percentage of requests contained potentially sensitive information, such as internal documents, personal identifiers, customer information, and proprietary source code. Organizations were using an average of 10 different GenAI tools per month, many of which are likely unmanaged and operate outside formal governance structures, increasing the likelihood of accidental data leaks, ransomware infiltrations, and AI-based cyberattacks.

The education sector remained the most attacked sector worldwide, with an average of 4,364 weekly attacks per organization (+12% year-on-year). Government entities followed with 2,759 weekly attacks (+8% year-on-year). Telecommunications rose to third place, with 2,647 weekly attacks (+8% year-on-year), reflecting the intensification of attacks against connectivity-based infrastructure and 5G-enabled ecosystems.

Regionally, Latin America recorded the highest volume of attacks, with an average of 3,110 attacks per week per organization (+33% year-on-year). Asia-Pacific followed with 3,087 attacks (+7% year-on-year), Africa recorded 2,864 (-6% year-on-year), Europe increased by 18% and North America by 19% year-on-year.

Ransomware Threat Landscape: Activity Up 10% YoY

Ransomware remained one of the most destructive threats in January, with 678 publicly reported incidents, representing a 10% increase compared to January 2025. North America accounted for 52% of all known cases, followed by Europe at 24%, confirming that attackers continue to focus on regions with high economic value. The United States alone accounted for 48% of global ransomware victims, followed by the United Kingdom (5%), Canada (4%), Germany (4%), Italy (3%), and Spain (3%).

Among sectors, business services were the most affected (33%), followed by consumer goods and services (15%) and industrial manufacturing (11%), sectors where operational continuity is crucial and disruptions offer significant leeway for extortion.

The top ransomware groups in January were Qilin (15%), LockBit (12%) and Akira (9%), together responsible for a significant portion of victim reports.

Source: www.itsitio.com