Every quarter, Check Point Research publishes the threats of the past three months, gathering intelligence from it ThreatCloud AI platform, which analyzes millions of indicators of compromise (IoCs) daily. Powered by over 50 Artificial Intelligence (AI)-driven engines and sourced from more than 150,000 networks and millions of endpoints, this data provides a real-time view into the threats organisations face globally. In Q2 2025, that view revealed an accelerating wave of cyber attacks targeting almost every sector and region around the world.

In Q2 2025, the global average number of weekly cyberattacks per organisation reached 1,984, a 21% increase compared to the same period in 2024 and 58% higher than two years ago.

While this growth continues a long-standing trend, a closer look at industry and region-specific data highlights notable patterns, including continued high targeting of the education sector, and the most significant regional increase in attacks was seen across Europe.

Education Sector: Highest Volume of Attacks

In Q2, the top three most targeted sectors were:

1. Education: 4,388 weekly cyberattacks per organisation (+31% YoY).
2. Government: 2,632 weekly cyberattacks per organisation (+26% YoY).
3. Telecommunications: 2,612 weekly cyberattacks per organisation (+38% YoY).

The surge in cyberattack numbers on the education sector reveals sustained pressure on this sector with attackers’ focus on possibly underfunded security defenses and the tempting wealth of student and staff credentials, ripe for exploitation. Government organisations remain attractive targets, with their sensitive data and ability to provide geopolitical leverage. Meanwhile, the telecommunications sector saw a significant increase, highlighting its critical role in national infrastructure and the potential targeting of sensitive customer information.

Check Point Study’s Regional Trends: Europe Reports the Highest Growth

In terms of regions, the top three in average weekly attacks per organisation, according to Check Point’s latest study, were:

1. Africa: 3,365 weekly cyberattacks per organisation (+14% YoY).
2. APAC: 2,874 weekly cyberattacks per organisation (+15% YoY).
3. Latin America: 2,803 weekly cyberattacks per organisation (+5% YoY).

While Europe’s average volume was not the highest, it did show the largest YoY increase, at 22%, indicating an upward trend in threat activity within the region, as attackers exploit geopolitical tensions, regulatory fragmentation and the region’s high concentration of highly valuable data.

Ransomware by the Numbers, According to Check Point

Based on public data from double-extortion “shame sites,” approximately 1,600 ransomware incidents were reported globally in Q2 2025. These disclosures provide visibility into some of the quarter’s most high-impact attacks.

The regional ransomware breakdown can be seen in the visual below, with North America accounting for 53% of the reported incidents, and Europe for 25%. (Note: Ransomware data is based on public disclosures from threat actor-controlled leak sites and may not reflect all incidents globally.)

Business services, industrial manufacturing, and construction & engineering are the top three industries affected by ransomware. The table below shows the top 10 industries based on the “shame site” reportings.

Key Takeaways from Q2 2025

• Global attacks per organisation continued to climb, with a 21% increase YoY.
• The education sector continues to report the highest volume of attacks, more than double the global average.
• Europe experienced the highest YoY growth in regional attack volume.
• Ransomware activity remained prominent, with notable concentration in North America and Europe.

Check Point Identifies What to Watch Going Forward

As the cyber threat landscape continues to evolve, Check Point will be closely tracking:

• Shifts in sector-specific targeting.
• Regional variances in attack volumes.
• Ongoing ransomware disclosures via public sources.

How Organisations Can Stay Protected: A Check Point Breakdown

As cyberattacks grow in volume and reach, organisations need to be proactive, not reactive. A prevention-first strategy, supported by layered defences and continuous visibility, remains key.

To better combat today’s threat landscape, Check Point recommends the following:

• Invest in threat prevention: Use advanced security technologies such as intrusion prevention systems(IPS), anti-ransomware tools, and threat intelligence to block attacks before they cause damage.
• Strengthen endpointand network defences: Implement robust firewalls, email security, and endpoint protection platforms to reduce attack surfaces.
• Promote user awareness: Run regular training and simulated phishing exercises to help employees recognise and report suspicious activity.
• Ensure backup and recovery readiness: Maintain up-to-date, segmented backups and test recovery processes regularly to limit downtime in the event of ransomware or other disruptions.
• Adopt zero trust principles: Continuously verify access permissions and segment networks to minimise lateral movement.
• Stay informed: Monitor threat intelligence feeds and industry alerts to anticipate emerging threats.

While no single solution can completely eliminate cyber risk, organisations can significantly enhance their resilience by implementing multiple coordinated layers of protection. This approach helps to reduce both the likelihood and impact of a successful attack. To stay updated on new threats and the continually evolving threat landscape, visit Check Point Research.