Check Point Research, the threat intelligence and analytics division of Check Point Software Technologies Ltd., has published the Global Cyber Threat Analysis for April 2026, revealing that organizations worldwide suffered an average of 2.201 cyberattacks per week, recording an increase of 10% month-on-month and 8% year-on-year (YoY).
Following a brief slowdown in March, April’s data confirms that global cyber activity has not only not stabilized, but has accelerated again. This increase highlights how cybercriminals continue to adapt their campaigns, leveraging automation, an expanded digital footprint, and increased attack surfaces associated with the cloud and GenAI.
“April’s data suggests that the slowdown in March was temporary,” said Michalis Bozos, Country Manager, Greece, Cyprus, Bulgaria and Romania, Check Point Research. “Attackers remain highly active and agile, changing targets and timing rather than retreating. As ransomware escalates and GenAI becomes increasingly integrated into everyday work, organizations must view cyber risk as ongoing and focus on prevention, governance and AI-enabled security to thwart threats before they have an impact.”
Education, Public Sector and Telecommunications remain key targets
In April, the Education sector remained the most targeted globally, with 4.946 attacks per week per organization, recording an 8% increase year-on-year. Government followed with 2.797 attacks per week, showing relative stability (-1% YoY), while the Telecommunications sector ranked third with 2.728 attacks per week, an increase of 3% YoY.
At the same time, sectors with a strong seasonal nature, such as Tourism, Hotels and Leisure, recorded increased activity, as organizations strengthen their operations in view of the summer season, expanding their digital footprint through more transactions, collaborations with third parties and faster operational speeds.
Increase in attacks in all geographical areas – Steady pressure also in Greece
Geographically, Latin America remains the most targeted region globally, with 3.364 attacks per week per organization, up 20% YoY. APAC followed with 3.213 attacks (+4% YoY), while Africa recorded 2.940 attacks, down 9% YoY.
Europe recorded an average of 1.848 weekly attacks per organization (+9% YoY), while North America recorded 1.499 attacks (+0,4% YoY).
In Greece, organizations received an average of 1.591 cyberattacks per week, showing a 4% increase year-on-year, which confirms that the country follows the general European and global upward trend in cyberthreats and highlights the need to strengthen prevention and defense strategies.
GenAI increases the risk of data leakage
Despite fluctuations in attack volume, the risk associated with GenAI remained high in April. According to Check Point Research, 1 in 28 enterprise prompts in GenAI tools pose a high risk of leaking sensitive data, affecting 90% of organizations that routinely use them.
At the same time, businesses used an average of 10 different GenAI tools, with the average user creating 77 prompts per month, highlighting that GenAI is being integrated into daily operations faster than security and governance mechanisms can adapt.
Rise of ransomware heightens risk of business disruption
Ransomware remained one of the most destructive threats in April, with 707 publicly reported attacks, up 5% month-on-month and 12% year-on-year. The Business Services sector was again the most targeted, accounting for 33,8% of incidents, followed by Consumer Goods & Services (14,4%) and Manufacturing (9,9%), where downtime and data exposure directly translate into financial losses.
Geographically, North America accounted for 46% of ransomware attacks, followed by Europe (27%) and APAC (17%), confirming the continued targeting of high-value markets. At the same time, activity remains highly concentrated in a few groups, while the ransomware ecosystem continues to expand, maintaining constant pressure across all industries.
Ransomware remains concentrated, while the ecosystem expands
Ransomware activity in April was driven by a limited number of highly active groups. Qilin was responsible for 15% of the reported attacks, followed by The Gentlemen (10%) and DragonForce (9%). Together, these three groups accounted for 34% of incidents.
At the same time, the ransomware ecosystem continues to expand, with 56 different groups carrying out attacks globally during the month. The combination of strong “protagonists” and growing smaller players highlights a resilient and ever-evolving ransomware-as-a-service model that keeps pressure on all industries.
Although the press releases will range from very select to rare, I said I'd pass...because sometimes the editors hide.
