Check Point observes how the number of cyberattacks has risen again over the past year. AI plays a role in this, although the threat landscape is not changing drastically.
Coordinated cyberattacks involving artificial intelligence, ransomware, and identity theft are increasing sharply. This is according to the Cyber Security Report 2026 from Check Point Software Technologies. Globally, the number of cyberattacks rose by 18% year-on-year in 2025. Since 2023, the increase has reached as much as 70%.
AI as an accelerator
According to the report, attackers are increasingly combining multiple techniques into a single campaign. AI, ransomware, social engineering, and the exploitation of hybrid IT environments are being brought together purposefully. In contrast, organizations often still work with security models that address individual threats.
Check Point sees AI primarily helping to support existing campaigns. This aligns with findings previously shared by Google regarding the role of AI in the threat landscape. AI supports threats, but is currently not responsible for a completely new type of attack.
More efficient attacks
For instance, ransomware campaigns are becoming more efficient according to Check Point. Attackers are splitting up activities and automating processes with AI. They use this technology to select targets and conduct negotiations. The number of extortion victims rose by 53%. The number of new ransomware-as-a-service groups increased by 50%. Attacks primarily exploit existing access points and slow detection.
Email remains the primary channel for malware distribution, accounting for 82% of malicious files. Web-based attacks represent 18%. However, attackers are more frequently combining different channels. Phone fraud, collaboration tools, and web attacks are part of a single coordinated operation. ClickFix campaigns, where users are prompted to perform malicious actions themselves, increased by approximately 500%.
Geopolitics and complex environments
Additionally, states are structurally deploying cyber operations for geopolitical purposes. Campaigns target governments, civilian systems, and critical infrastructure. AI increases the speed and scale of influence operations.
Hybrid IT environments increase risk, Check Point believes. The combination of cloud, on-premises systems, and edge devices creates a fragmented attack surface. Poorly managed edge devices often serve as entry points.
Check Point also notes that the infrastructure behind AI systems shows vulnerabilities. Research by Lakera shows that 40% of the MCP servers examined are insufficiently secured. As a result, the impact of an incident can escalate quickly. This finding is in line with a vulnerability previously discovered by LayerX. That company found that AI agents with local access can be convinced to install and execute malicious code, without a hacker actually needing to exploit a bug or error.
Local figures
In Belgium, organizations recorded an average of 1,288 attacks per week in 2025, an increase of 14%. Globally, the average was 1,968 attacks per organization per week. Notably, Luxembourg faces even more weekly attacks (1,671, an increase of 35%). In the Netherlands, Check Point detected 1,167 attacks per week in 2025 (an increase of 38%). In Europe, education, telecom, and government were the primary targets. In Belgium, healthcare was once again the most targeted sector.