Check Point Research, the threat intelligence division of Check Point Software Technologies, has released its Global Threat Intelligence insights for May 2026, revealing that organisations worldwide experienced an average of 2,055 cyber-attacks per week, a 2% increase year on year.
The report shows that Latin America remained the most targeted region, recording 3,149 attacks per organisation weekly, marking a 13% year-on-year rise. Africa followed closely, averaging just under 3,000 attacks per organisation each week.
Across the continent, Ethiopia, Nigeria, Zimbabwe, Angola, and Mozambique emerged as the most attacked countries. Angola and Nigeria recorded attack volumes more than double the global average, with 4,046 and 3,941 attacks per organisation per week respectively. Kenya and South Africa reported comparatively lower but still significant levels at 2,443 and 1,738 weekly attacks.
Despite a slight year-on-year decline in overall attack activity, Africa remains one of the world’s most heavily targeted regions due to sustained ransomware campaigns, hacktivist activity, and increasingly sophisticated AI-enabled cyber threats.
“May’s numbers show that attackers are continuously adapting, shifting their timing and techniques rather than slowing down,” said Omer Dembinsky. “As ransomware scales and GenAI adoption accelerates across enterprises, organisations must assume constant exposure and prioritise prevention-first, AI-driven security strategies.”
Ransomware Shifts Toward Financial Gain
Ransomware continues to dominate the global threat landscape, with 698 publicly reported incidents in May alone, a 48% increase year on year, the steepest rise recorded in 2026.
According to the report, Africa is witnessing a shift in attack patterns from disruption-based campaigns to financially motivated operations. Business services and financial services have become prime targets due to their perceived ability to pay ransoms and store valuable data.
“Ransomware groups continue to apply sustained pressure on African organisations,” said Hendrik de Bruin. “Business and financial services are increasingly in focus as attackers refine monetisation strategies.”
Government and Critical Infrastructure Under Pressure
Globally, government institutions ranked as the second most targeted sector, averaging 2,620 weekly attacks per organisation, followed closely by telecommunications at 2,583.
In Africa, government systems and public infrastructure were heavily targeted, with coordinated disruption campaigns reported in countries including Egypt. In South Africa, several major institutions, including the South African Revenue Service (SARS), SITA, and the City of Ekurhuleni, were reportedly affected.
Telecommunications providers also faced sustained targeting, reflecting the growing focus on interconnected national infrastructure.
Education Sector Remains the Top Global Target
The education sector remained the most attacked industry worldwide, recording 4,641 weekly attacks per organisation, a 7% year-on-year increase.
The report attributes this to large user bases, open digital environments, and limited cybersecurity resources. Other sectors experiencing rising attacks include agriculture, hospitality, travel and recreation, and construction.
Perimeter Weaknesses Drive Intrusions
Check Point Research also highlighted increased exploitation of perimeter vulnerabilities, particularly authentication bypass flaws affecting VPNs and firewalls.
These weaknesses are increasingly used as entry points for ransomware and data theft campaigns, allowing attackers to move laterally within networks after initial compromise.
GenAI Expands the Attack Surface
The report further reveals that one in every 25 enterprise GenAI prompts posed a high risk of sensitive data leakage. Around 91% of organisations using GenAI tools experienced exposure risk, while 22% of prompts contained potentially sensitive information.
On average, organisations used nine GenAI applications, with users generating about 70 prompts per month.
The report warns that attackers are also leveraging AI to accelerate phishing, credential theft, and social engineering operations.
Outlook
Check Point Research cautions that the slight dip in attack volumes should not be interpreted as reduced risk, but rather a shift in attacker strategy.
The findings highlight the need for stronger prevention-first cybersecurity frameworks, improved vulnerability management, and tighter governance around AI adoption as organisations across Africa continue to digitise rapidly.