Global Cyber-Attacks Rise 4% YoY, Organizations Face 2,003 Attacks per Week

In November 2025, global cyber activity continued its upward trajectory, with organizations facing an average of 2,003 cyber-attacks per week. This represents a 3% increase from October 2025 and a 4% rise compared to the same period last year. According to Check Point Research, this increase is driven by intensified ransomware activity, expanding attack surfaces, and growing exposure risks linked to generative AI tools in organizational workflows.

Education Sector Remains Under Pressure

The education sector continued to be the most targeted industry worldwide, experiencing an average of 4,656 attacks per organization per week—a 7% increase year-over-year. Government entities followed with 2,716 weekly attacks (+2% YoY), while associations and non-profits saw a significant surge of 57% YoY, averaging 2,550 attacks per week. This sharp increase highlights how cybercriminals are exploiting sectors with limited security resources but highly valuable data.

Regional Trends: Latin America Leads Growth

Regionally, Latin America recorded the highest number of attacks per organization in November, averaging 3,048 weekly attacks, a 17% increase from the previous year. APAC remained largely stable with 2,978 attacks (–0.1% YoY), while Africa saw a decline to 2,696 attacks (–13% YoY). Europe experienced a slight decrease of 1%, and North America saw a 9% increase, continuing its role as a prime target for sophisticated, financially motivated threat groups. Analysts note that over the past year, the gap between the most- and least-attacked regions has narrowed, reflecting a convergence toward a global average.

Generative AI Introduces New Security Risks

The rapid adoption of generative AI tools in enterprises is creating significant exposure risks. Check Point Research found that 1 in 35 AI prompts carried a high risk of sensitive data leakage, affecting 87% of organizations using AI regularly. Another 22% of prompts contained potentially sensitive information such as internal communications, proprietary code, or personal identifiers. Organizations use an average of 11 different AI tools monthly, most likely unsupervised, increasing the likelihood of data exposure and potential cyber intrusions.

Ransomware Activity Intensifies

Ransomware attacks rose sharply in November, with 727 reported incidents, marking a 22% increase compared to November 2024. North America was the epicenter, accounting for 55% of disclosed incidents, followed by Europe at 18%. At the national level, the United States represented 52% of all ransomware victims, with the United Kingdom and Canada following at 4% and 3%, respectively.

Industries most affected included industrial manufacturing (12%), business services (11%), and consumer goods and services (10%), reflecting a focus on sectors with high data value and operational dependencies.

Leading Ransomware Groups

The most active ransomware groups in November were Qilin and Clop, responsible for 15% of reported attacks, followed by Akira at 12%. Qilin has a long-established RaaS (Ransomware-as-a-Service) infrastructure, while Clop recently exploited Oracle E-Business Suite vulnerabilities to target high-value enterprises. Akira continued targeting business services and industrial manufacturing with advanced payloads for Windows, Linux, and ESXi systems.

Key Takeaways

November 2025 underscores the rapid growth of cyber threats and ransomware attacks, with regions and sectors increasingly impacted. The integration of generative AI into workflows introduces new vulnerabilities, while ransomware groups leverage sophisticated tools and infrastructures to expand their reach. Experts stress that proactive security measures, strong data protection, and governance over AI use are essential to defend against an evolving threat landscape.