Check Point Research Reveals Key Cyber Threats for May 2026: Japan Records Highest Attack Growth Rate Globally with 62% Year-on-Year Increase
Key facts
- Check Point Research has released its May 2026 Global Threat Intelligence Report, revealing that Japan experienced the highest year-on-year attack growth rate globally at 62%. While overall attack volume slightly declined, ransomware and generative AI-related risks continue to rise sharply.
- Source: PR Times
- Date: June 11, 2026
Published: June 11, 2026 at 21:10
Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cybersecurity solutions, today published its analysis of global threat intelligence for May 2026.
In May 2026, organizations worldwide faced an average of 2,055 cyberattacks per week, a 2% increase year-on-year but a 7% decrease compared to the previous month. This decline follows a sharp spike in April, suggesting that the reduction in May reflects a temporary lull rather than a sustained downward trend. Despite the overall stabilization, ransomware activity and risks associated with generative AI continue to expand, indicating that the threat landscape remains highly active.
Japan, in particular, recorded 1,869 weekly attacks per organization in May 2026, ranking sixth among nine APAC countries. This represents a 62% year-on-year increase, the highest growth rate among all surveyed countries. Although this is a decrease from April 2026, which saw 2,048 weekly attacks per organization (a 73% year-on-year increase), the data shows that, over the past several months, Japan has experienced significantly higher attack volumes than in the same period of 2025.
Omer Dembinsky, Data Research Manager at CPR, commented:
"The May figures demonstrate that a reduction in attack volume does not necessarily mean a reduction in risk. Attackers are not slowing down; instead, they are adapting their timing and tactics. With ransomware attacks expanding and generative AI adoption accelerating across enterprises, organizations must operate under the assumption that they are constantly under threat. A prevention-first, AI-driven security strategy capable of stopping threats before they cause damage is essential."
Education, government, and telecommunications remain primary targets, while attacks on other sectors are expanding
In May 2026, the "Education & Research" sector remained the most targeted, experiencing an average of 4,641 attacks per organization per week—an increase of 7% year-on-year. Educational institutions continue to be highly attractive targets for threat actors due to their large, open user environments and often limited security resources.
The "Government & Military" sector followed with 2,620 weekly attacks per organization, and the "Telecommunications" industry recorded 2,583 weekly attacks. In addition to these traditionally targeted sectors, notable increases were observed in "Agriculture," "Hospitality, Travel & Entertainment," and "Construction & Engineering." This reflects a broadening attack surface across industries, driven by ongoing digital transformation.
Active attacks persist globally, with Latin America remaining the top target region
Regionally, Latin America continued to be the most targeted region worldwide, with organizations facing an average of 3,149 weekly attacks—a 13% year-on-year increase. Rapid digitalization, combined with uneven security maturity across the region, continues to make it a prime target for cyberattacks. Africa saw a 20% year-on-year decline in threat activity, but attack volumes remain high, keeping it among the most targeted regions globally. Other regions also showed stabilization in overall attack numbers, yet active threat campaigns continue.
Exposure risks escalate with the adoption of generative AI
While overall attack volumes slightly decreased, risks related to generative AI remained consistently high in May 2026. The following trends were observed:
- One in 25 enterprise generative AI prompts contains content with high risk of sensitive data exposure
- This risk potentially affects 91% of organizations that regularly use generative AI tools
- 22% of prompts contain information that could be classified as sensitive
- On average, each organization uses nine different generative AI tools
- The average enterprise user generates 70 prompts per month
The rapid adoption of generative AI is outpacing the development of governance and security controls, increasing the likelihood of unintended data leaks through routine AI usage.
Ransomware activity surges, heightening business disruption risks
In May 2026, publicly reported ransomware attacks reached 698 incidents—a 48% year-on-year increase. This marks the highest growth rate since the beginning of 2026, with increases observed across all regions. By industry, "Business Services" remained the most targeted sector, accounting for 35.1% of reported ransomware incidents. This was followed by "Consumer Goods & Services" (15.5%) and "Manufacturing" (9.9%).
Regionally, North America accounted for 49% of incidents, followed by Europe (22%) and APAC (19%). Notably, in APAC, the number of reported incidents more than doubled compared to the previous year.
Ransomware ecosystem expands, with concentration among elite groups like Qilin
In May 2026, a small number of active groups—including Qilin, The Gentlemen, and DragonForce—continued to lead ransomware operations. At the same time, the overall ransomware ecosystem is expanding, with both established and newly emerging groups contributing to market growth. This dual trend of concentration at the top and broadening at the base underscores the resilience of the ransomware ecosystem. While dominant groups maintain control, smaller threat actors are also increasing, posing ongoing risks across multiple industries.
This press release is based on a blog post originally published in English on June 9, 2026 (US time).
About Check Point Research
Check Point Research provides the latest cyber threat intelligence to Check Point’s customers and the broader threat intelligence community. By collecting and analyzing global cyberattack data stored in Check Point’s ThreatCloud AI, the team works to prevent hacker activity and enhance the effectiveness of security features in Check Point’s products. With over 100 analysts and researchers, the team collaborates with security vendors, law enforcement agencies, and CERT organizations worldwide to strengthen cybersecurity defenses.
FAQ
What was Japan's cyberattack growth rate in May 2026?
Japan recorded a 62% year-on-year increase, the highest among all surveyed countries.
What is the current risk of data leakage via generative AI?
1 in 25 enterprise AI prompts carries high data exposure risk, potentially affecting 91% of organizations.
Which industry is the most targeted?
Education & Research faced 4,641 weekly attacks per organization, followed by Government & Military and Telecommunications.
What is Check Point Research's role?
It analyzes global cyber threats and enhances product security using ThreatCloud AI data.
Where are ransomware attacks most common?
North America leads with 49% of reported incidents, followed by Europe (22%) and APAC (19%).