Global Cyber Attacks Stay Near Record Highs in February 2026 Even as Ransomware Dips
Check Point Research, the threat intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), has released its Global Threat Intelligence insights for February 2026. The headline number: organisations worldwide faced an average of 2,086 cyber attacks per week, up 9.6% compared to February 2025 and essentially flat month-on-month (-0.2% vs January 2026).
While ransomware activity showed a year-on-year decline, largely due to an unusually large campaign in early 2025, the broader picture is one of sustained, high-volume pressure. Automated attacks, expanding digital infrastructure, and the growing use of Generative AI (GenAI) tools are all keeping attack volumes at historically elevated levels.
How Africa Is Faring
Across the four African countries tracked in the monthly report, Nigeria continues to take the most hits, recording 4,326 attacks per organisation per week, though that’s down 1% year-on-year. Angola follows at 3,937 attacks per week (-13% YoY), and Kenya at 2,577 (-37% YoY).
South Africa recorded the lowest figure of the four at 2,204 attacks per organisation per week, but that number comes with a warning. It represents a 22% increase year-on-year, the steepest rise of any African country in the report. Overall, Africa averaged 2,993 attacks per organisation per week, down 7% compared to the same period last year.
The top three most attacked sectors in Africa during February were Financial Services, Government, and Consumer Goods & Services.
“South African organisations are under acute pressure to stave off persistent cyber threats,” says Lorna Hardie, Regional Director: Africa for Check Point Software Technologies. “Unmanaged GenAI usage continues to introduce new data exposure risks. Prevention-first, real-time protection powered by AI remains the most effective way to stop attacks before they cause operational or financial damage.”
GenAI Is Creating a Growing Data Exposure Problem
One of the more alarming trends in the February data is how quickly GenAI adoption is opening up new security risks. During the month, 1 in every 31 GenAI prompts submitted from corporate networks carried a high risk of sensitive data exposure, affecting 88% of organisations that regularly use these tools. A further 16% of prompts contained potentially sensitive information, including internal documents, login credentials, customer data, and proprietary content.
On average, organisations used 11 different GenAI tools over the course of the month, many of them likely unmanaged and sitting outside any formal governance framework. The average employee generated 62 GenAI prompts per month, reflecting just how deeply AI-driven workflows have embedded themselves into daily operations, often with little visibility or oversight.
Education Remains the World’s Most Attacked Sector
Globally, the Education sector held its unwanted top spot, with institutions averaging 4,749 weekly attacks per organisation, up 7% year-on-year. Government came second at 2,714 attacks per week (+2% YoY), while Telecommunications ranked third at 2,699 (+6% YoY), reflecting continued pressure on connectivity-driven infrastructure and 5G-enabled ecosystems.
Attack Volumes by Region
Latin America recorded the highest regional attack volumes in February, averaging 3,123 attacks per organisation per week — and the biggest year-on-year jump globally, up 20%. APAC followed closely at 3,040 attacks per week (+3% YoY), while Africa came in at 2,993 (-7% YoY).
Europe saw an 11% year-on-year increase and North America was up 9%, confirming that established digital markets are feeling the pressure just as much as emerging economies.
“February’s data shows that cyber risk is not episodic — it’s continuous,” said Omer Dembinsky, Data Research Manager at Check Point Research. “Even when ransomware activity fluctuates, attackers maintain constant pressure across industries and regions.”
Ransomware: Down on Paper, But Still a Major Threat
February saw 629 publicly reported ransomware attacks, a 32% drop compared to February 2025. But context matters here: that decline is largely because February 2025 featured an unusually large campaign by the Clop group, which inflated last year’s numbers. Strip that out, and ransomware activity is broadly in line with what we’ve seen over the past year.
North America continued to absorb the bulk of ransomware incidents (57%), followed by Europe (17%) and APAC (17%). At the country level, the United States accounted for 51% of global ransomware victims, with Canada (6%) and the United Kingdom (2.7%) rounding out the top three.
By industry, Business Services was hit hardest (37%), followed by Consumer Goods & Services (13%) and Industrial Manufacturing (9%), sectors where operational disruption gives attackers significant leverage in extortion scenarios.
The leading ransomware groups in February were Qilin (15%), Clop (13%), and The Gentlemen (11%). Altogether, 49 different ransomware groups publicly claimed victims during the month, a figure that underlines just how fragmented and prolific the ransomware ecosystem has become.
For more insights into February 2026 cyber threat trends, visit the Check Point Research Blog.

