In a month marked by rising ransomware campaigns and expanding misuse of enterprise GenAI tools, organizations worldwide faced an average of 2,003 cyberattacks per week in November 2025, according to new data from Check Point Research (CPR). The figure reflects a persistent surge in global cyber pressures—up 3% from October and 4% year-over-year—as attackers blend traditional ransomware tactics with emerging AI-enabled techniques.
GenAI becomes a major new data exposure vector
One of the most significant shifts highlighted in CPR’s analysis is the rising threat from improper use of Generative AI tools within enterprises. As AI-assisted workflows become routine, CPR found that 1 in every 35 GenAI prompts submitted from corporate networks posed a high risk of sensitive data leakage. The exposure affects approximately 87% of organizations using GenAI, pointing to the speed at which AI has embedded itself in everyday operations.
Another 22% of prompts were found to contain potentially sensitive assets—ranging from source code and internal communications to customer information and personal identifiers. This risk is amplified by the use of an average 11 GenAI tools per organization each month, many of which operate outside formal IT governance, creating unmonitored channels ripe for exploitation.
Education, government, and non-profits remain top targets
Education emerges again as the most targeted sector globally, absorbing 4,656 weekly attacks per organization—a 7% annual rise. Government institutions followed with 2,716 attacks, while associations and non-profits experienced the most dramatic surge: a 57% year-over-year jump.
Regionally, Latin America recorded the highest attack volumes with 3,048 weekly attacks per organization. North America saw a significant 9% year-over-year increase, driven heavily by ransomware activity. APAC, Africa, and Europe saw marginal declines or stabilization.
Ransomware intensifies worldwide, led by Qilin, Clop, and Akira
Ransomware continues to be the most economically damaging cyber threat. CPR recorded 727 publicly reported incidents in November, a 22% increase year-over-year. The United States accounted for more than half of global cases, followed by the UK and Canada.
Industrial Manufacturing (12%), Business Services (11%), and Consumer Goods (10%) were the hardest hit among industries. Groups such as Qilin (15%), Clop (15%), and Akira (12%) dominated the global ransomware landscape, collectively responsible for a significant share of disclosures.
Attackers are becoming more sophisticated
CPR notes that the combination of expanded GenAI usage and traditional ransomware techniques is creating a dangerous inflection point for enterprise security. “Along with the overall number of attacks continuing to rise, we see additional concern in the increasing sophistication behind these operations,” said Omer Dembinsky, Data Research Manager at Check Point Research. Prevention-first strategies, real-time AI defenses, and proactive threat intelligence, he added, are now essential to mitigating the scale and pace of attacks.
As organizations accelerate adoption of AI and multi-cloud services, CPR warns that the lack of controlled guardrails around GenAI tools could expose enterprises to new classes of cyber risks—ranging from inadvertent data leaks to AI-assisted code manipulation and enhanced phishing campaigns.