Check Point Research today released Global Threat Intelligence Insights for November 2025, revealing that organizations around the world each face an average of 2,003 cyberattacks per week.
This reflects the continued escalation of global cyber threats driven by the spread of ransomware and risks associated with generative AI (GenAI), up 3% from October and 4% year-over-year.
Of the four African countries included in the reportAngola had 4,251 attacks per week per organization, followed by Nigeria with 3,374, Kenya with 2,384 and South Africa with 1,863 attacks per week. Overall, attacks in Africa were down 13% year over year. Regarding Africa’s industrial sectors, government, financial services, and consumer goods and services were the most attacked in November.
Introduction of GenAI increases new data breach risks, but education remains the biggest target
As enterprise use of Generative AI (GenAI) tools rapidly expands, Check Point Research recognizes that exposure to sensitive data is increasing. As of November 1st, every 35 GenAI prompts sent from a corporate network posed a high risk of data breach, impacting 87% of organizations that regularly use GenAI, highlighting how deeply embedded AI has become in daily workflows.
An additional 22% of prompts included potentially sensitive information such as internal communications, customer data, proprietary codes, and personal identifiers. While some usage occurs through administrative tools, organizations still use an average of 11 GenAI tools per month, most of which are unmonitored and may operate outside of formal security governance. Such exploits increase the likelihood of accidental data breaches and expose organizations to increased risk of malicious intrusions, ransomware, and AI-powered cyberattacks.
The education sector remains the most targeted globally, with an average of 4,656 attacks per week per organization (up 7% year-on-year). Government agencies followed with 2,716 attacks per week (up 2% year-over-year), while associations and nonprofits saw a dramatic increase with 2,550 attacks per week, a 57% increase year-over-year.
Regionally, Latin America reported the highest attack volume, with an average of 3,048 attacks per week per organization (up 17% year over year). Attack levels maintained in Asia Pacific (-0.1% year-on-year), declined in Africa (-13% year-on-year), Europe saw a slight 1% decline, and North America recorded a 9% year-over-year increase, due in part to increased ransomware activity.
Ransomware Threat Landscape: Activity Jumps 22% YoY
Ransomware remains one of the most harmful cyber threats, with 727 publicly reported incidents worldwide in November, a 22% increase year-on-year. North America accounted for 55% of all reported cases, followed by Europe at 18%. The United States alone accounts for 52% of the world’s cases, followed by the United Kingdom (4%) and Canada (3%).
By industry, the most affected sectors were industrial manufacturing (12%), business services (11%), and consumer goods and services (10%).
The leading ransomware groups in November were Qilin (15%), Clop (15%), and Akira (12%), which together accounted for a significant portion of victim disclosures.
“November’s data shows that the overall number of attacks continues to rise and there is further concern about the sophistication behind these operations,” said Omar Dembinsky, data research manager at Check Point Research. “The combination of data disclosure gives attackers more tools and opportunities to carry out harmful campaigns. The only effective approach is prevention, leveraging real-time AI and proactive threat intelligence to block attacks before they cause harm.”
