Global cyber attack volumes remained at near-record levels in February 2026, even as reported ransomware incidents saw a double-digit decrease. New data from Check Point Research shows organisations faced an average of 2,086 attacks per week. This figure marks a 9.6% increase from February 2025 and remains consistent with the high activity levels recorded in January 2026.
Persistent pressure on critical sectors
The education sector continues to face the highest volume of threats globally. Educational institutions averaged 4,749 weekly attacks, a 7% rise compared to last year. Researchers attribute this targeting to large user bases, open network environments, and limited security budgets.
Other heavily targeted industries include:
- Government: 2,714 weekly attacks (+2% YoY)
- Telecommunications: 2,699 weekly attacks (+6% YoY)
In India, the automotive industry has emerged as a primary target alongside education and government entities.
GenAI usage and data exposure
The widespread adoption of Generative AI (GenAI) within corporate networks has introduced new security vulnerabilities. Check Point’s findings indicate that 1 in every 31 GenAI prompts submitted by corporate users posed a high risk of exposing sensitive data.
Statistics highlight the depth of AI integration in daily workflows:
- 88% of organizations using GenAI tools were affected by high-risk prompts.
- 16% of prompts contained potentially sensitive internal documents, credentials, or customer data.
- Average enterprise users generate 62 GenAI prompts per month.
- Organizations use an average of 11 different GenAI tools, many of which operate without formal oversight.
Regional trends and ransomware shifts
Latin America saw the sharpest increase in cyber activity, with attacks rising 20% to an average of 3,123 per week. While mature markets like North America and Europe saw more modest growth of 9% and 11% respectively, they remain primary targets for high-value extortion.
Ransomware activity fell by 32% year-over-year, with 629 publicly reported incidents in February. However, this decline is viewed as a stabilization rather than a trend reversal. The high numbers in early 2025 were linked to a specific, massive campaign by the Clop group. Excluding that event, ransomware levels remain steady.
The United States remains the primary victim of ransomware, accounting for 51% of global cases. The leading threat actors for the month were:
- Qilin: Responsible for 15% of reported attacks.
- Clop: Responsible for 13%.
- The Gentlemen: Responsible for 11%.
Business services remains the most impacted industry for ransomware, making up 37% of all reported victims. The fragmentation of the threat landscape is evident as 49 different ransomware groups disclosed victims during the month.