The figure is clear, 1,900 cyber attacks per week on average per company worldwide during the month of September 2025. This is highlighted by the Check Point Research Global Threat Index. Although this figure represents a decrease of 4% compared to August, it is still 1% higher than in the same month of the previous year, a clear sign that the global IT risk panorama does not let up.

According to the report, organizations continue to be the target of constant campaigns. The stability in the apparent global volume hides more worrying realities, the increasing sophistication of the attacks and their greater capacity for impact. Data reveals that ransomware remains one of the most devastating mechanisms, while the use of generative artificial intelligence (generative AI) to exfiltrate data is emerging as a new risk frontier.

Sectors under attack

The education sector once again heads the list of those most affected, with an average of 4,175 cyberattacks per week per institution (a figure that, although it represents a drop of 3% year-on-year, maintains its privileged position of vulnerability). The combination of its accelerated pace of digitalization and the usual lack of investment in cybersecurity makes it a recurring target for malicious actors.

For its part, the telecommunications sector suffered 2,703 weekly attacks per organization, which represents an increase of 6% compared to the previous year. This data highlights its strategic importance as critical infrastructure and as a gateway to other sectors. At the government level, institutions recorded an average of 2,512 weekly attacks, marking a 6% year-on-year drop, but remaining among the entities most observed by cybercriminals.

The education sector once again heads the list of those most affected, with an average of 4,175 cyberattacks per week per institution

“September data shows that, although the overall volume of attacks has decreased slightly, the sophistication and impact of threats continues to increase. Cybercriminals will take advantage of any innovation before users can adapt. The only sustainable defense is a prevention-based strategy, powered by real-time AI, that protects network, cloud, endpoints and identities. Only then can companies get ahead and safeguard their critical operations against increasingly persistent adversaries” comments Eusebio Nieva, technical director of Check Point for Spain and Portugal.

Spain facing the digital onslaught

In the Spanish market, the pressure is also accentuated. Organizations in the country experienced an average of 1,951 weekly attacks in September, a 7% jump compared to the same month last year. Among the most affected sectors are:

1 Government
2 Consumer goods and services
3 Telecommunications
4 Manufacturing industry
5 Business services
6 Finance
7 Energy and utilities

This pattern allows us to observe how cybercriminals not only target critical infrastructures, but also those entities with high volumes of data exchange or complex supply chains.

Data leak risks from generative AI

One of the report’s most alarming findings relates to the expansion of generative AI in corporate environments. In the month analyzed, one in every 54 interactions or “prompts” made from organizational networks presented a high risk of exposure of sensitive data. This situation already affects 91% of companies that regularly use tools of this type. Additionally, 15% of those prompts contained potentially sensitive information such as customer data, proprietary code snippets, or internal communications.

These data underscore the urgency of implementing robust governance and control policies over the use of generative AI. Without those safeguards, productivity benefits can be wiped out by reputational, legal or economic losses.

The scourge of ransomware

The intensification of ransomware is another critical point of the report. Worldwide, 562 attacks were made public during September, representing an increase of 46% year-on-year. North America accounted for 54% of the reported cases, with the United States in the lead (52% of global cases). Europe, for its part, represented almost a fifth of the total at 19%.

In terms of vulnerable sectors, Construction and Engineering led with 11.4% of ransomware incidents, followed by Business Services (11%) and Manufacturing (10.1%). Sectors such as healthcare, finance, and consumer goods also suffered significant attacks, evidencing the spread of this threat beyond traditional domains.

Among the most active groups in September are:

  • Qilin (Agenda), responsible for around 14% of published attacks
  • Play, with about 9%
  • Akira, with more than 7% of cases
Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.