Joy Agwunobi 

Africa has again topped the global chart as the most targeted region for cyberattacks, with organisations on the continent facing an average of 2,902 attacks per week in September 2025, according to the latest Global Threat Intelligence Report released by Check Point Research (CPR), the threat intelligence arm of Check Point Software Technologies Ltd.

The report, which tracks the frequency, distribution, and sophistication of cyber threats across industries and regions, revealed that while  cyberattack volumes have slightly eased worldwide, Africa remains the hardest-hit region in the world. The telecommunications, government, and consumer goods and services sectors were the most targeted industries across the continent.

Among African nations, Angola recorded the highest number of attacks with 3,045 weekly incidents per organisation (a 54 percent decline year-on-year), followed by Kenya with 3,000 (–21%), Nigeria with 2,749 (–32%), and South Africa with 2,054 (+26%). By contrast, organisations worldwide faced an average of 1,900 cyberattacks per week, underscoring the heightened risk exposure of African entities.

Expressing concern over the continent’s continued vulnerability, Lorna Hardie, regional director for Africa at Check Point Software Technologies, said the  rise in AI-driven attacks has made cybersecurity resilience more urgent than ever.

“As Africans, we are deeply concerned about the continent’s vulnerability to cyberattacks especially as many of the September incidents were prompted by the use of Generative AI,” Hardie said, adding “The only sustainable defense is a prevention-first strategy powered by real-time AI, ensuring protection across the network, cloud, endpoints, and identities. Only through this approach can organisations stay ahead and protect critical operations from relentless adversaries.”

GenAI expands the threat landscape

Beyond regional trends, the report highlighted the growing risks associated with the rapid adoption of Generative AI (GenAI) technologies across enterprise environments. Check Point Research found that one in every 54 GenAI prompts posed a high risk of sensitive data leakage — a threat that now affects over 90 percent of organisations using GenAI tools regularly.

An additional 15 percent of GenAI prompts were found to contain potentially sensitive or proprietary information, including customer data, internal communications, and confidential source codes. The findings underline the urgent need for AI governance and data protection frameworks to mitigate these new dimensions of exposure.

Education and telecoms among most targeted sectors

In sectoral terms, the education industry remained the most targeted globally, averaging 4,175 weekly attacks per organisation in September, a 3 percent decline year-on-year. This persistent targeting, according to Check Point Research, reflects the sector’s fast-paced digital adoption and underfunded cybersecurity defences, making it an easy target for attackers.

The telecommunications sector, which underpins digital connectivity and business continuity, suffered an average of 2,703 weekly attacks (+6% YoY), while government institutions continued to face sustained threats, recording 2,512 weekly attacks (–6% YoY).

Regional Comparison of Cyberattacks

Despite differing year-on-year trends, every continent experienced high levels of malicious activity in September.Check Point Research’s data showed  that while Africa led with 2,902 weekly attacks per organisation, Latin America followed closely with 2,826 attacks  (+7% YoY), the Asia-Pacific (APAC) recorded 2,668 (–10% YoY), Europe had 1,577 (–1% YoY), North America, however, experienced a significant 17 percent year-on-year increase, averaging 1,468 attacks per organisation each week, driven largely by a spike in ransomware cases.

Ransomware Surges in North America

Ransomware continued to be one of the most disruptive and financially devastating cyber threats globally, with 562 publicly reported incidents in September — representing a 46 percent rise compared to the previous year. North America accounted for 54 percent of these cases, followed by Europe with 19 percent.

By sector, Construction and Engineering led with 11.4 percent of reported ransomware victims, trailed by Business Services (11%) and Industrial Manufacturing (10.1%). Financial services, healthcare, and consumer goods also faced significant disruption, underscoring ransomware’s expanding reach.

The report identified Qilin (14.1%), Play (9.3%), and Akira (7.3%) as the most active ransomware groups, with Qilin maintaining its dominance as a major Ransomware-as-a-Service (RaaS) operator. The emergence of Rust-based encryptors and sophisticated runtime controls among newer actors like Play and Akira further highlights the increasing complexity of ransomware operations targeting critical industries.

Omer Dembinsky, data research manager at Check Point Research, observed that although the total number of global attacks has declined slightly, the severity and complexity of threats are escalating.

“September’s threat data shows that while the overall volume of attacks has eased slightly, the impact and sophistication of cyber threats are intensifying,” Dembinsky said, while also noting “Ransomware remains the most destructive force, while the emergence of GenAI-related data leakage adds a new dimension of risk for organisations. Cybercriminals will likely seek to exploit every innovation faster than users can adapt.”

Check Point’s findings underline that Africa’s digital expansion is outpacing its cyber resilience. As governments and businesses accelerate their digital transformation agendas, the continent’s exposure to cybercrime is increasing, demanding a stronger emphasis on AI-powered prevention, real-time intelligence sharing, and coordinated policy interventions.

The report serves as both a warning and a call to action, urging African organisations to evolve their cybersecurity strategies from reactive defense to proactive, data-driven protection.