Check Point Research, the threat intelligence arm of Check Point Software Technologies, released its Global Threat Intelligence insights for November 2025, reporting that organizations worldwide faced an average of 2,003 cyberattacks per week. This reflects a 3% increase from October and a 4% rise year-over-year, indicating continued escalation in cyber threats driven by ransomware activity and risks tied to generative AI (GenAI).

GenAI Adoption and Data Exposure Risks

With enterprise use of GenAI tools expanding, Check Point Research observed growing exposure to sensitive data. In November, 1 in every 35 GenAI prompts originating from enterprise networks carried a high risk of data leakage, affecting 87% of organizations using GenAI. Another 22% of prompts contained information such as internal communication, customer data, proprietary code, or personal identifiers. Organizations used an average of 11 GenAI tools per month, many of which operate outside formal security oversight, increasing the possibility of accidental exposure and creating additional entry points for malicious activity, including ransomware and AI-enabled cyberattacks.

Sector and Regional Targeting Trends

The Education sector remained the most targeted, averaging 4,656 weekly attacks per organization (+7% YoY). Government institutions recorded 2,716 weekly attacks (+2% YoY), while associations and non-profits saw a significant increase, reaching 2,550 weekly attacks (+57% YoY).

Latin America reported the highest regional attack volume at 3,048 attacks per organization per week (+17% YoY). APAC remained nearly steady (–0.1% YoY), Africa saw a decline (–13% YoY), Europe recorded a 1% decrease, and North America observed a 9% rise, partly due to increasing ransomware activity.

Ransomware Activity

Ransomware remained a major threat, with 727 publicly reported incidents worldwide in November, a 22% year-over-year increase. North America accounted for 55% of all reported cases, followed by Europe at 18%. The United States represented 52% of global ransomware incidents, followed by the United Kingdom (4%) and Canada (3%).

Across industries, Industrial Manufacturing (12%), Business Services (11%), and Consumer Goods & Services (10%) were the most affected.

The most active ransomware groups identified in November were Qilin (15%), Clop (15%), and Akira (12%).

A Check Point Research spokesperson noted that the combination of rising attack volumes, ransomware expansion, and increased GenAI-related data exposure reflects growing sophistication in cyber operations, highlighting the need for real-time threat intelligence and preventive measures.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!