As each year passes, cyber attacks don’t just increase in number — they evolve in how they operate. A newly released Cyber Security Report 2026 highlights a shift that many security teams are already feeling: attacks are becoming more automated, more coordinated, and increasingly influenced by artificial intelligence.
The findings offer a useful snapshot of what organisations are up against today — and where attention needs to be focused going forward.
A Sharp Rise in Cyber Attacks
According to Check Point Software, organisations faced an average of 1,968 cyber attacks per week in 2025. That figure represents a 70% increase since 2023, signalling a sustained rise rather than a short-term spike.
What’s changed is not just volume, but execution. Attackers are now running campaigns across multiple attack surfaces at the same time, rather than relying on a single entry point. Techniques that were once limited to highly skilled or well-funded groups are now appearing much more widely.
As Check Point notes, artificial intelligence is no longer just a supporting tool — it is becoming embedded across multiple stages of the attack lifecycle.
AI Is Changing How Attacks Work
Check Point’s researchers observed that AI is increasingly used for:
- Reconnaissance and target profiling
- Social engineering and message generation
- Operational decision-making during attacks
Rather than purely manual operations, attackers are moving toward higher levels of automation, with early signs of semi-autonomous techniques beginning to emerge.
Lotem Finkelstein, VP of Research at Check Point Software, explains that AI is changing the mechanics of cyber attacks — not just making them more frequent, but enabling them to spread faster and operate more efficiently once they begin.
AI in the Workplace Brings New Risks
The report also highlights a growing challenge for organisations: how employees use generative AI tools in everyday work.
In a three-month period analysed by Check Point, 89% of organisations encountered risky AI prompts, with around one in every 41 prompts classified as high risk. These prompts may involve sensitive data, inappropriate instructions, or interactions that increase exposure.
This finding reinforces a trend many security teams are already grappling with. AI governance is no longer theoretical — organisations need visibility into how AI tools are being used, what data they interact with, and where risks may arise.
Ransomware Is More Fragmented — and More Active
Ransomware continues to evolve, but not necessarily in the way many people expect. Rather than a few large groups dominating the landscape, Check Point describes a decentralised ecosystem of smaller, specialised actors.
The report highlights:
- A 53% year-over-year increase in extorted victims
- A 50% rise in new ransomware-as-a-service groups
These groups often operate as networks of affiliates, access brokers, and service providers. AI now plays a role in targeting, negotiation, and operational efficiency, increasing both the speed and scale of ransomware activity.
While this fragmentation can create more points of detection for defenders, it also increases the overall volume of activity security teams must monitor.
Attacks Are Moving Beyond Email
Email remains a common attack vector, but it is no longer the only one. Check Point reports a growing trend toward multi-channel social engineering, with attackers coordinating activity across email, web, phone, browsers, and collaboration platforms.
One example is the rapid rise of ClickFix techniques, which surged by 500%. These attacks rely on fraudulent technical prompts that trick users into taking harmful actions, often within trusted digital environments.
Phone-based impersonation has also evolved, shifting from isolated scams into more structured enterprise intrusion attempts. As AI features become embedded in browsers, SaaS platforms, and collaboration tools, the “digital workspace” itself is increasingly treated as a trust layer by attackers.
Edge and Infrastructure Exposure Remains a Weak Point
The report also draws attention to ongoing risks at the network edge. Unmonitored edge devices, VPN appliances, and IoT systems continue to present opportunities for attackers.
Many organisations struggle to maintain an accurate inventory of internet-facing devices and firmware versions, particularly across hybrid and distributed environments. Attackers can exploit these assets as relay points, blending malicious traffic into legitimate network activity.
This remains a persistent operational challenge, especially for organisations that rely heavily on remote access.
AI Infrastructure Creates a New Attack Surface
Beyond end-user AI activity, the report also examines risks within AI infrastructure itself. Analysis referenced in the report found security weaknesses in 40% of 10,000 Model Context Protocol servers reviewed.
As AI models, agents, and supporting systems become embedded in enterprise environments, they introduce new interfaces and components that security teams must monitor. This expands the attack surface and adds another layer of complexity to modern security operations.
What Security Leaders Should Take From This
Alongside its findings, Check Point recommends that organisations reassess their security controls across:
- Networks and endpoints
- Cloud and email environments
- SASE and digital workspace platforms
It also emphasises the importance of governance and visibility around both sanctioned and unsanctioned AI usage, as well as strengthening protection at the network edge.
A CSB Perspective
At CSB, we see this report as confirmation of something many organisations already feel: cybersecurity is becoming more automated, more interconnected, and harder to manage in silos.
The goal isn’t to chase every new threat technique. It’s to ensure security foundations are strong, visibility is unified, and emerging risks — like AI usage and digital workspace trust — are understood rather than ignored.
As attackers adopt automation, defenders need clarity, coordination, and controls that work across the entire environment — not just one channel at a time.