Cyber attacks are not just increasing in number — they’re evolving in how they are planned, delivered, and scaled. A newly released Cyber Security Report 2026 highlights a significant shift in attacker behaviour, driven largely by automation and artificial intelligence.
The findings reinforce something many organisations are already experiencing: cyber threats are becoming faster, more coordinated, and harder to contain using traditional, siloed security approaches.
A Sharp Rise in Global Cyber Attacks
According to Check Point Software, organisations faced an average of 1,968 cyber attacks per week in 2025 — a 70% increase since 2023.
What stands out is not just the volume of attacks, but how they are executed. The report notes that attackers are increasingly using automation and AI to run campaigns across multiple attack surfaces at the same time. Techniques that once required highly skilled, well-funded groups are now more widely accessible, allowing a broader range of threat actors to launch personalised and coordinated attacks against organisations of all sizes.
Lotem Finkelstein, VP of Research at Check Point Software, describes this shift as a fundamental change in how cyber attacks work — not just how many there are.
AI Is Embedded Across the Attack Lifecycle
The report highlights that AI now appears across multiple stages of modern attack workflows, including:
- Reconnaissance and target profiling
- Social engineering and message creation
- Operational decision-making during active attacks
Rather than isolated events, attacks are increasingly integrated campaigns that combine human deception with automation. This allows threat actors to move faster, adapt mid-attack, and scale activity far beyond what manual operations could achieve.
AI Use in Everyday Work Introduces New Risk
Beyond external attacks, the report also points to risks arising from how AI tools are used inside organisations.
Over a three-month period analysed by Check Point, 89% of organisations encountered risky AI prompts, with approximately one in every 41 prompts classified as high risk. These interactions may involve sensitive data, unsafe instructions, or behaviours that increase exposure without users realising it.
This reinforces the need for organisations to have visibility and governance around AI usage — not to block it entirely, but to understand how and where it introduces risk.
Ransomware Operations Are More Fragmented — and More Active
The report also highlights continued evolution in ransomware activity. Rather than a small number of dominant groups, ransomware operations are becoming more decentralised, with smaller, specialised players working together.
Check Point reported:
- A 53% year-on-year increase in extorted victims
- A 50% rise in new ransomware-as-a-service groups
AI now plays a role in targeting, negotiation, and improving operational efficiency, helping ransomware groups scale their activity even as they fragment.
Social Engineering Has Moved Beyond Email
Email remains an important attack vector, but it is no longer the only one. The report notes that social engineering campaigns increasingly operate across email, web, phone, browsers, and collaboration platforms.
One technique highlighted is ClickFix, which surged by 500%. These attacks rely on fraudulent technical prompts that manipulate users into taking unsafe actions. Phone-based impersonation has also evolved into more structured attempts to gain a foothold inside organisations.
As AI features are embedded into browsers, SaaS platforms, and collaboration tools, the digital workspace itself has become a key trust layer — and a target for attackers.
Edge and Infrastructure Exposure Remains a Weak Spot
The report also points to growing exposure at the network edge. Unmonitored edge devices, VPN appliances, and IoT systems are increasingly used as relay points during attacks, allowing malicious traffic to blend into legitimate network activity.
Maintaining visibility over internet-facing assets remains a challenge for many organisations, particularly in hybrid and distributed environments.
AI Infrastructure Adds a New Attack Surface
In addition to user-facing risks, the report highlights weaknesses in AI infrastructure itself. Analysis referenced in the report found security issues in 40% of 10,000 Model Context Protocol servers reviewed.
As AI systems, models, and agents become embedded in enterprise environments, they introduce new components and interfaces that require the same level of monitoring and protection as traditional systems.
Security Priorities for the Year Ahead
Based on its findings, Check Point recommends that organisations:
- Reassess controls across networks, endpoints, cloud, email, and SASE
- Apply governance and visibility to both sanctioned and unsanctioned AI usage
- Protect the digital workspace across browsers, SaaS, collaboration, and voice channels
- Inventory and secure edge assets such as VPN appliances and IoT systems
- Maintain consistent visibility and enforcement across on-premises, cloud, and edge environments
A CSB Perspective
At CSB, we see this report as further evidence that cybersecurity can no longer be approached in isolated layers. As attackers use automation and AI to move faster and operate across multiple channels, organisations need clarity, coordination, and security foundations that work together.
The goCyber Attacks Are Accelerating — How Automation and AI Are Changing the Threat Landscapeal isn’t to chase every new technique — it’s to ensure visibility, governance, and resilience across the environments people actually use every day.