Key Takeaways:
- Organizations experienced an average of 1,968 cyber attacks per week in 2025, representing a 70% increase since 2023
- AI is driving a significant shift in cyber attacks, with capabilities once limited to highly resourced threat actors now widely accessible
- Attackers are increasingly leveraging automation and AI to move faster, scale more easily, and operate across multiple attack surfaces simultaneously
- Social engineering is expanding beyond email, with attackers coordinating campaigns across multiple channels, including web, phone, and collaboration platforms
- Defending against AI-driven threats requires rethinking how security is designed and enforced, with a focus on prevention-led security and unified visibility across hybrid environments
Introduction to the Cyber Security Report 2026
The Cyber Security Report 2026, released by Check Point Software Technologies Ltd., reveals a significant increase in cyber attacks, with organizations experiencing an average of 1,968 cyber attacks per week in 2025. This represents a 70% increase since 2023, with attackers increasingly leveraging automation and AI to move faster, scale more easily, and operate across multiple attack surfaces simultaneously. According to Lotem Finkelstein, VP of Research at Check Point Software, "AI is changing the mechanics of cyber attacks, not just their volume." This shift requires organizations to reassess long-standing assumptions about how attacks originate, spread, and are stopped.
The Rise of AI-Driven Attacks
The report highlights a clear shift toward integrated, multi-channel attack campaigns that combine human deception with machine-speed automation. AI is increasingly embedded across attack workflows, accelerating reconnaissance, social engineering, and operational decision-making. During a three-month period, 89% of organizations encountered risky AI prompts, with approximately one in every 41 prompts classified as high risk. This exposes new risks as AI becomes embedded in everyday business workflows. For instance, AI-driven attacks can now be used to accelerate targeting, negotiation, and operational efficiency in ransomware operations, contributing to a 53% year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups.
The Evolution of Ransomware Operations
Ransomware operations have decentralized into smaller, specialized groups, contributing to a significant increase in extorted victims and new ransomware-as-a-service groups. AI is now being used to accelerate targeting, negotiation, and operational efficiency, making ransomware attacks more sophisticated and difficult to detect. This trend is expected to continue, with attackers leveraging AI to improve their tactics, techniques, and procedures (TTPs). As a result, organizations must adopt a prevention-first approach to stop ransomware attacks before they can propagate and cause significant damage.
The Expanding Threat Landscape
Social engineering is expanding beyond email, with attackers coordinating campaigns across email, web, phone, and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users, while phone-based impersonation evolved into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms, and collaboration tools, the digital workspace is emerging as a critical trust layer for attackers to exploit. This expansion of the threat landscape requires organizations to protect the digital workspace, where human trust and AI-driven automation intersect. For example, security teams should apply governance and visibility to sanctioned and unsanctioned AI usage to reduce exposure from high-risk prompts, data leakage, and misuse.
New Risks Emerge in AI Infrastructure
An analysis conducted by Lakera, a Check Point company, identified security weaknesses in 40% of 10,000 Model Context Protocol (MCP) servers reviewed, highlighting growing exposure as AI systems, models, and agents become embedded in enterprise environments. This new risk requires organizations to revalidate security foundations for the AI era and enable AI adoption securely. By doing so, organizations can reduce the risk of AI-driven attacks and protect their digital assets. For instance, organizations should reassess controls across networks, endpoints, cloud, email, and SASE to stop autonomous, coordinated attacks early.
Recommendations for Security Leaders
The Cyber Security Report 2026 shows that defending against AI-driven threats requires rethinking how security is designed and enforced, not simply reacting faster. Based on the trends observed, Check Point recommends that organizations revalidate security foundations for the AI era, enable AI adoption securely, protect the digital workspace, harden edge and infrastructure, adopt a prevention-first approach, and unify visibility across hybrid environments. By following these recommendations, organizations can improve their cybersecurity posture and reduce the risk of AI-driven attacks. For example, security teams can apply governance and visibility to sanctioned and unsanctioned AI usage, actively inventory and secure edge devices, VPN appliances, and IoT systems, and adopt a prevention-led security approach to stop threats before they can propagate.
Conclusion and Future Outlook
In conclusion, the Cyber Security Report 2026 highlights the significant shift in cyber attacks, with AI driving a new era of threats. Organizations must reassess their security foundations, enable AI adoption securely, and protect the digital workspace to defend against these threats. By adopting a prevention-first approach and unifying visibility across hybrid environments, organizations can improve their cybersecurity posture and reduce the risk of AI-driven attacks. As the threat landscape continues to evolve, it is essential for organizations to stay ahead of the threats and adapt their security strategies to the changing landscape. The full Cyber Security Report 2026 is available for download, and Check Point will host a livestream discussing key findings and recommendations from the report.
