Check Point: Ransomware up 60% as Gen AI Data Risk Soars

Cyber threats in 2025 were numerous, but nothing quite reached the volume, scale and damage intensity of ransomware attacks. 

The December 2025 Global Cyber Attack Statistics from Check Point reveals that, on average, organisations were attacked 2,027 times per week – up 9% compared to December 2024. 

In the UK alone, each organisation suffered 1,440 cyber attacks per week, a rise of 39%.

“December’s data shows that cyber risk is no longer about isolated spikes, but continuous pressure,” says Mark Weir, Regional Director, UK and Ireland at Check Point Software. 

“Ransomware continues to scale through industrialised operations, while unmanaged Gen AI usage is creating widespread data exposure at the enterprise level. 

“Moving into 2026, organisations must prioritise prevention-first security, real-time AI threat intelligence and strong governance over how AI tools are used across the business.”

Qilin the major culprit

December 2025 saw 945 publicly-reported ransomware incidents in December – a record 60% increase on December 2024.

Check Point's report shows that more than half (52%) of the reported ransomware incidents occurred in North America, followed by Europe which faced 23% of cyber attacks, proving cybercriminals' particular focus on high-value regions.

A Russian group of cyber criminals calling themselves Qilin, which offers Ransomware-as-a-Service (RaaS), was the most active group in December according to the study. Research shows it was responsible for almost one in five (18%) publicly-disclosed ransomware attacks. 

RaaS cybercrime groups LockBit5 and Akira were other significant disruptors, accounting for 12% and 7% of the share of cyber attacks respectively.  

These ransomware groups, the report says, continue to target Windows, Linux and virtualised ESXi environments.

Education, government and non-profits the main targets

Check Point's data shows education was the most targeted sector globally, facing an average of 4,349 cyber attacks per week.

Government institutions followed with 2,666 attacks per week, while non-profit organisations were attacked 2,509 times on average.

While aging infrastructure, lack of resources and abundance of user data makes these enterprises prime targets for cyber attacks, a new threat is further accelerating this risk: Gen AI.

Rapidly adopted and trusted to boost productivity, data shows that an average of 11 different Gen AI tools are used by employees, creating massive enterprise security flaws.

“Even as AI tools drive unprecedented productivity, we are simultaneously stepping backward in security because organisations are integrating them faster than they secure them," says Nataly Kremer, Chief Product Officer (CPO) at Check Point Software Technologies. 

“At Check Point Software Point, we see this first hand. In just one month, our teams identified about ten significant vulnerabilities across widely used AI tools.”

In addition to tool vulnerability, Check Point's research shows that one in every 27 Gen AI prompts submitted from enterprise networks posed a high risk of sensitive data leakage.

The vast majority (91%) of organisations using Gen AI tools, the report shows, were affected by high-risk prompt activity.

With one in four (25%) prompts revealing potentially sensitive information, the increasing use of shadow AI by employees considerably increases the likelihood of enterprises facing AI-enabled cyber attacks.