Check Point Research (CPR), the threat intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP, hereinafter 'Check Point'), a global leader in cybersecurity, has announced the results of its global threat intelligence analysis for June 2026.
In June 2026, organizations worldwide experienced an average of 2,270 cyberattacks per organization per week, a 10% increase from the previous month and a 17% rise year-on-year. After a temporary lull observed in May, June saw a broad resurgence in attack volumes across all regions and industries. The increase was not concentrated in specific areas but occurred simultaneously in nearly every location, indicating that attackers are expanding their activities to a wider range of targets.
Japan recorded an average of 1,635 weekly cyberattacks per organization, a decrease from the 1,869 attacks recorded in May. However, it registered the highest year-on-year growth in the APAC region, with a 30% increase.
Omer Dembinsky, Data Research Manager at CPR, stated: "The June data indicates not a one-off spike, but a broad reactivation of cyber activity across the board. Attackers are expanding their reach across regions and industries, and ransomware groups continue to reorganize and scale up. The rise of The Gentlemen to the top spot among the most active ransomware groups clearly demonstrates how emerging threat actors can rapidly grow into global threats. Organizations must adopt AI-powered, prevention-first security to protect networks, users, data, and AI workflows before attacks can take effect."
Education & Research, Government & Military, and Communications Remain Most Targeted Sectors
The "Education & Research" sector remained the most targeted industry globally in June, experiencing an average of 4,816 attacks per organization per week, a 16% increase year-on-year. In addition to open academic networks, frequent device turnover and limited security resources continue to make educational and research institutions attractive targets for threat actors.
Following this, the "Government & Military" sector faced an average of 2,836 weekly attacks (5% YoY increase), while the "Communications" industry recorded 2,835 weekly attacks (13% YoY increase). These three sectors continue to account for a disproportionately large share of global attack volumes. This pattern has repeated over recent months and was again confirmed in June.
Cyberattacks Increased Year-on-Year in Most Regions, with Latin America Showing the Highest Growth
Latin America remained the most attacked region, with an average of 3,501 attacks per organization per week (27% YoY increase). APAC followed with 3,060 weekly attacks (5% YoY increase), while Africa recorded 3,008 weekly attacks, a 9% decrease from the previous year, yet still among the most attacked regions globally.
Europe and North America also showed significant increases, rising 22% and 14% respectively. This widespread surge reflects that the reactivation of attacks in June was not limited to specific markets but indicates attackers are expanding their operations across the global threat landscape.
Generative AI Data Leak Risks Remain High, Highest in Healthcare & Medical and Communications Sectors
Risks of data leaks related to generative AI in enterprises continue to remain at high levels. In June 2026, the following conditions were observed:
- 1 in 26 enterprise generative AI prompts (3.9%) contained content with high risk of sensitive data leakage - This risk potentially affects 85% of organizations that regularly use generative AI tools - 27% of prompts contained information that could qualify as sensitive - On average, 7 types of generative AI tools are used per organization - The average enterprise user generates 78 prompts per month
By region, Latin America recorded the highest value for generative AI-related data leak risks, with 5.2% of prompts showing risk of sensitive data leakage—significantly exceeding the global average. In contrast, Europe matched the global average at 3.9%.
By industry, the "Healthcare & Medical" sector had the highest risk at 5.7%, followed by "Communications" and "Business Services" at 5.1% each, and the "IT" sector at 4.1%.
Regarding data types, personally identifiable information (PII) was found in 80% of affected organizations, followed by network and IT infrastructure, legal and regulatory information, financial data, and employee and HR information. This indicates that generative AI-related data leaks span multiple business domains.
Ransomware Attacks Continue to Rise, with "Business Services" as Primary Target
In June 2026, publicly reported ransomware attacks totaled 646, a 33% increase year-on-year. The "Business Services" sector remained the most affected, accounting for 31% of all reported incidents. This was followed by "Consumer Goods & Services" at 16% and "Manufacturing" at 14%. The "Government & Military" sector also saw a continuous rise in its share of ransomware victims, increasing from 4.0% in April 2026 to 5.4% in June. Notably, the number of incidents in APAC surged, surpassing Europe to become the second most affected region after North America.
The Gentlemen Surpasses Qilin as Most Active Ransomware Group
The most significant change in ransomware activity in June 2026 occurred at the group level. The Gentlemen was involved in 17% of reported attacks, becoming the most active ransomware group, surpassing Qilin, which accounted for 11%. LockBit also showed a significant increase, rising from 1% of reported attacks in May to 7% in June, becoming the third most active group. The rapid rise of The Gentlemen demonstrates that emerging Ransomware-as-a-Service (RaaS) groups possess the capability to rapidly and continuously scale up through affiliate recruitment, pre-established access, and evolving evasion techniques.
For more details on the June 2026 cyber threat landscape, visit the CPR blog.
This press release is based on a blog published in English on July 9, 2026, US time.
About Check Point Research Check Point Research provides the latest cyber threat intelligence to Check Point's customers and the threat intelligence community. It leverages ThreatCloud AI, Check Point's threat intelligence engine, which stores data on cyberattacks from around the world.
FACT BOX
- Source: PR TIMES
- Category: Survey
- Products / services: ThreatCloud AI / Check Point Research