March 2026 Cyber Threat Landscape Sees Ransomware, GenAI Risks Accelerating
Singapore Organisations See 22% Surge in Attacks, Bucking Global Trend of Modest Decline

Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd recently released its Global Threat Intelligence insights for March 2026, revealing that organisations worldwide experienced an average of 1,995 cyber attacks per week.
Whilst this does represent a 5% modest drop compared to March 2025, Singapore organisations faced an average of 2,695 weekly attacks, representing a sharp 22% year-on-year increase. This data suggest that while global threat activity may be rebalancing, Singapore remains a high priority target for adversaries exploiting Asia Pacific’s dense digital footprint.

“March’s results may look like a breather, but attackers haven’t stepped back—they’ve simply shifted gears, particularly in highly digitised hubs like Singapore” said Omer Dembinsky, Data Research Manager at Check Point Research. “As GenAI becomes a default workplace tool and ransomware groups maintain a steady operational tempo, the most resilient organisations will be those that treat prevention as a system—reducing exposure andenforcing governance. The 22% rise in weekly attacks on Singapore over the last 6 months is a reminder that local prevention must be AI-powered and fast-moving to stop threats before they spread”
Singapore Industry Breakdown: Consumer Goods, Government and Financial Services Most Targeted
In Singapore, the Consumer Goods & Services sector emerged as the most targeted industry. The Government sector followed as the second most attacked, with Business Services and Financial Services ranking third and fourth, respectively. Notably, all four of these sectors saw attack volumes significantly higher compared to global numbers, highlighting a concentrated effort against Singapore’s core economic pillars.
Global Perspective: Education, Government and Telecom Remain Prime Targets—While Travel Sector Surges
In March, the Education sector remained the most attacked industry globally, facing an average of 4,632 weekly attacks per organisation (-6% YoY). Government organisations followed with 2,582 attacks per week (-12% YoY), and Telecommunications ranked third with 2,554 attacks (-10% YoY).
Notably, the Hospitality, Travel & Recreation sector recorded a 30% year-over-year increase, aligning with the ramp-up into spring and summer travel. This seasonal shift typically expands the attack surface through increased digital transactions, higher third-party dependency, and faster operational cadence—conditions that cybercriminals frequently exploit.
Latin America Demonstrates an Increase as Other Regions Decline
Regionally, Latin America recorded the highest attack volume, averaging 3,054 attacks per organisation per week, showing a year-over-year increase (+9% YoY). APAC ranked second with an average of 3,026 weekly attacks (-4% YoY), followed by Africa with 2,722 weekly attacks per organisation (-22% YoY). This was followed by Europe with 1,647 weekly attacks (-7% YoY) and North America with 1,384 weekly attacks per organisation (-8% YoY).
GenAI Adoption Accelerates Data Exposure Risks
Despite the dip in overall attacks, GenAI-related risk continues to rise. In the month of March, 1 in every 28 GenAI prompts submitted from enterprise environments posed a high risk of sensitive data leakage, impacting 91% of organisations that use GenAI tools regularly. An additional 17% of prompts contained potentially sensitive information.
Over the past month, each organisation used an average of 9 different GenAI tools, while the typical user generated 78 prompts per month, underscoring how quickly AI has embedded into daily workflows—often ahead of governance and security controls.
Taken together, these figures show that risk is shifting from attack volume to impact, with sensitive data increasingly exposed through everyday GenAI interactions that often sit outside traditional security and governance controls. In effect, organisations are creating new, quieter exposure pathways at scale—increasing the likelihood of data leakage and downstream exploitation even without a conventional breach.

Ransomware Rises Month-to-Month, Reinforcing Ongoing Business Disruption Risk
Ransomware remained one of the most disruptive threats in March, with 672 publicly reported attacks. While this marks an 8% decrease compared to March 2025, it represents a 7% increase over February 2026, signalling renewed momentum month-to-month.
Business Services was the most targeted sector, accounting for 35% of ransomware incidents, followed by Consumer Goods & Services (14%) and Industrial Manufacturing (13%)—together representing 61% of reported victims.
In terms of ransomware attacks per region, North America was the most affected region, accounting for 55% of all reported ransomware incidents, followed by Europe at 24% and APAC at 12%. While North America remains the most affected region, Europe saw a notable increase, rising from 17% of all reported attacks in February 2026 to 24% this month.
Looking at country ransomware attacks, the United States was the most impacted country, accounting for 52% of the reported ransomware attacks followed by Germany with 5% and then France with 4%.
Ransomware Power Consolidates at the Top—While the Ecosystem Expands Beneath It
In March, ransomware activity was led by a small group of highly operational actors, with Qilin accounting for 20% of publicly reported attacks, followed by Akira (12%) and DragonForce (8%). While these three groups alone were responsible for 40% of all reported incidents, the broader picture is more concerning: 47 different ransomware groups publicly impacted organisations worldwide during the month.
This combination of concentration and fragmentation highlights a maturing ransomware ecosystem, where established Ransomware-as-a-Service (RaaS) platforms continue to scale through affiliate recruitment, advanced tooling, and cross-platform capabilities, while a growing number of smaller operators sustain pressure across industries. The result is a threat landscape that remains resilient, adaptive, and difficult to disrupt—even as individual groups rise and fall in prominence.



