Η Checkpoint Research, the Department threat analysisth Check Point Software Technologies, has released its Global Threat Intelligence data for March 2026, revealing that organizations worldwide faced an average of 1.995 cyberattacks per week.
While this number represents a small 5% decrease compared to March 2025, this decline suggests a short-term stabilization rather than a decline in attacker capabilities. Rather, it reflects how threat activity is shifting across targets and techniques as adversaries rebalance their campaigns, test new penetration paths, and exploit the expanding digital presence of modern organizations.
“March’s results may seem subdued, but attackers haven’t backed down — they’ve just shifted gears” — Omer Dembinsky, Director of Data Research, Check Point Research “As GenAI becomes the default tool of the workplace and ransomware groups maintain a steady pace of activity, organizations must plan for a future where risk is continuous, rapidly evolving, and increasingly shaped by automation. The most resilient organizations will be those that view prevention as a system — reducing exposure, enforcing governance, and implementing protections that use AI to stop threats before they spread.”
Education, Public Services and Telecommunications: The Main Elements
In March, the Education sector remained the most attacked industry globally, facing an average of 4.632 weekly attacks per organization (down 6% year-over-year). Government organizations followed with 2.582 attacks per week (down 12% year-over-year), and Telecommunications ranked third with 2.554 attacks (down 10% year-over-year).
Notably, the Hospitality, Travel & Leisure sector saw a 30% year-over-year increase, aligning with the spring and summer travel boom. This seasonal shift typically expands the attack surface through increased digital transactions, higher reliance on third parties, and faster operational dynamics — conditions that cybercriminals often exploit.
Regional Analysis: Latin America on the Rise
Regionally, Latin America recorded the highest volume of attacks, with an average of 3.054 attacks per organization per week, showing a 9% increase year-over-year. Asia-Pacific ranked second with an average of 3.026 weekly attacks (down 4% year-over-year), followed by Africa with 2.722 weekly attacks per organization (down 22% year-over-year). This was followed by Europe with 1.647 weekly attacks (down 7% year-over-year) and North America with 1.384 weekly attacks per organization (down 8% year-over-year).
Greece: The State of Cyberspace
In Greece, organizations faced an average of 1.390 weekly cyberattacks per organization in March 2026, an encouraging 6% decrease year-on-year. However, this small improvement should not create an illusion of security. Greek organizations continue to face significant threats in critical sectors of the economy.
The most attacked sectors in Greece are:
-
Government
-
Telecommunications
-
Consumer Goods & Services
-
Financial services
-
Automotive industry
GenAI: The New Danger Front
Despite the decline in overall attacks, the risk associated with GenAI continues to grow. In March, 1 in 28 GenAI prompts submitted from enterprise environments cited a high risk of sensitive data leakage, impacting 91% of organizations that regularly use GenAI tools. An additional 17% of prompts contained potentially sensitive information.
Last month, each organization used an average of 9 different GenAI tools, while the typical user created 78 prompts per month, highlighting how quickly AI has been integrated into everyday workflows — often before governance and security systems are in place. This means organizations are creating new, quieter paths of exposure at scale — increasing the likelihood of data breaches and subsequent exploitation even without a contractual breach.
Ransomware: Activity Renewal
Ransomware remains one of the most destructive threats in March, with 672 publicly reported attacks. While this represents an 8% decrease compared to March 2025, it represents a 7% increase compared to February 2026, marking renewed month-on-month momentum.
Intermediate Materials Services was the most targeted sector, accounting for 35% of ransomware incidents, followed by Consumer Goods & Services (14%) and Industrial Manufacturing (13%) — both accounting for 61% of reported victims.
In terms of ransomware attacks by region, North America was the most affected region, accounting for 55% of all reported ransomware incidents, followed by Europe at 24% and Asia Pacific at 12%. While North America remains the most affected region, Europe saw a notable increase, rising from 17% of all reported attacks in February 2026 to 24% this month.
In terms of ransomware attacks by country, the United States was the most affected country, accounting for 52% of publicized ransomware attacks, followed by Germany with 5% and France with 4%.
The Ransomware Landscape: Concentration and Diffusion
In March, ransomware activity was led by a small group of highly active actors: Qilin accounted for 20% of reported attacks, followed by Akira (12%) and DragonForce (8%). While these three groups were each responsible for 40% of all reported incidents, the broader picture is more concerning: 47 different ransomware groups publicly impacted the month globally.
The combination of concentration and diffusion points to a maturing ransomware ecosystem, where established Ransomware-as-a-Service (RaaS) platforms continue to expand through affiliate subscriptions, advanced tooling, and cross-platform capabilities, while a growing number of smaller actors maintain pressure across industries. The result is a threat landscape that remains resilient, adaptable, and difficult to disrupt — even as individual groups rise and fall in prominence.
For more information on cyber threat trends for March 2026, visit Check Point Research Blog.
Although the press releases will range from very select to rare, I said I'd pass...because sometimes the editors hide.
