Check Point Research has released its global cyber threat results for February 2026, revealing that companies around the world faced 2,086 cyber attacks per week. This figure represents a decrease of 0.2% compared to January and an increase of 9.6% compared to February 2025. The results further confirm that data exposure linked to the use of generative AI has increased and that global cybersecurity pressure has stabilized at historically high levels.

While ransomware activity declined year-over-year due to an anomalous campaign observed in early 2025, total attack volume remains near all-time highs. This situation is driven by persistent automated attacks, the expansion of digital infrastructures, and increased data exposure associated with the widespread use of generative artificial intelligence (GenAI) tools.

The education sector, the one that suffered the most

By sector, education was once again the most attacked worldwide, with an average of 4,749 cyberattacks per week in February, which represents a year-on-year increase of 7%. Government institutions followed with 2,714 attacks per week (+2% year-on-year), while the telecommunications sector came in third with an average of 2,699 attacks per week (+6% year-on-year). This data reflects the intensification of attacks targeting connectivity infrastructures and 5G-enabled ecosystems, where the risk of data exposure is especially critical.

“The February data offered by Check Point Research shows that cyber risk is not a one-day phenomenon, but continuous,” says Eusebio Nieva, technical director of Check Point Software for Spain and Portugal. “Even as ransomware activity fluctuates, attackers maintain constant pressure across sectors and regions. At the same time, unmanaged use of GenAI continues to introduce new data exposure risks. Real-time protection based on prevention and powered by AI remains the most effective way to stop attacks before they cause operational or financial damage,” he adds.

The most attacked sectors in Spain in February

In Spain, organizations recorded an average of 1,923 weekly attacks in February, which represents an increase of 2% compared to the same month in 2025. The most affected sectors were Government, Consumer Goods and Services and Telecommunications, among others, areas in which incidents can also lead to the exposure of sensitive data.

  1. Government
  2. Consumer Goods and Services
  3. Telecommunications
  4. Financial Services
  5. Business Services
  6. Manufacturing Industry
  7. Energy and Utilities

By region, Latin America recorded the highest volume of attacks, with an average of 3,123 attacks per organization weekly (+20% year-on-year). APAC followed with 3,040 (+3% YoY), Africa recorded 2,993 attacks (-7% YoY), Europe saw 11% YoY growth and North America grew 9%. These data confirm sustained and growing cybersecurity pressure, with a parallel increase in the risk of data exposure across multiple sectors.

Data exposure risks from generative AI

The rapid adoption of generative AI tools in enterprise environments continues to introduce new cybersecurity and data protection challenges. In February 2026:

  • 1 in 31 requests to GenAI posed a high risk of sensitive data exposure.
  • 88% of organizations using GenAI tools experienced high-risk request activity.
  • An additional 16% of prompts contained potentially sensitive information, including internal documents, credentials, customer data, and private content, increasing the likelihood of data exposure.
  • Organizations used an average of 11 different GenAI tools.
  • The average business user generated 62 GenAI requests per month, highlighting how deeply integrated AI-powered workflows are into daily operations, often without sufficient visibility or controls to prevent data exposure.

Ransomware attacks

Ransomware remained one of the most destructive threats in February. Despite the decrease, 629 incidents were publicly reported during that month, which is 32% fewer than in February 2025. This decrease is largely attributed to an unusually large ransomware campaign carried out by the Clop group during the same period last year. Excluding that anomalous event, ransomware activity remains virtually constant year after year.

North America accounted for 57% of all reported cases, followed by Europe and APAC—both with 17%. This confirms that attackers continue to focus on regions with dense digital infrastructure and high economic value. At the country level, the United States accounted for 51% of global ransomware victims, followed by Canada (6%) and the United Kingdom (2.7%). Although the activity remains primarily concentrated in North America, the most affected countries span multiple continents, highlighting the global reach of ransomware operations.

88% of organizations using GenAI tools experienced high-risk request activity

By sector, Financial Services were the most affected (37%), ahead of Consumer Goods and Services (13%) and the Manufacturing Industry (9%), areas in which operational continuity is critical and interruption offers high leverage for extortion, in addition to increasing the risk of data exposure in the event of an intrusion.

The top ransomware groups in February were Qilin (15%), Clop (13%), and The Gentlemen (11%), together responsible for a substantial portion of victim disclosures. Additionally, 49 different ransomware groups publicly impacted organizations around the world during the month, highlighting the magnitude and fragmentation of the ransomware ecosystem.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.