Africa continues to face significant cyber security challenges despite a slight decline in overall attack activity, according to the latest Global Threat Intelligence report released by Check Point Research (CPR), the threat intelligence division of Check Point Software Technologies.
The report, which analyzes cyber threat activity for May 2026, found that organizations worldwide experienced an average of 2,055 cyber attacks per week, representing a 2% increase compared to the same period last year. While Latin America remained the most targeted region globally with 3,149 attacks per organization per week, Africa followed closely with nearly 3,000 weekly attacks per organization.
Ethiopia, Nigeria, Zimbabwe, Angola and Mozambique Among Africa’s Most Targeted Countries
The findings highlight several African nations facing exceptionally high levels of cyber attacks. Angola recorded an average of 4,046 attacks per organization each week, while Nigeria followed closely with 3,941 attacks—both more than double the global average.
Other heavily targeted countries included Ethiopia, Zimbabwe, and Mozambique. In comparison, organizations in Kenya experienced 2,443 attacks per week, while South African organizations faced 1,738 weekly attacks.
Although Africa registered a year-on-year decline in overall attack volumes, the continent remains one of the world’s most targeted regions due to persistent cyber threats, growing ransomware campaigns, hacktivist activity, and increasingly sophisticated AI-powered attacks.
“May’s numbers show that attackers are continuously adapting, shifting their timing and techniques rather than slowing down. As ransomware scales and GenAI adoption accelerates across enterprises, organisations must assume constant exposure and prioritise prevention-first, AI-driven security strategies that can stop threats before impact,” said Omer Dembinsky, Data Research Manager at Check Point Research.
Ransomware Attacks Rise Sharply Across Africa
One of the most concerning trends identified in the report is the rapid increase in ransomware attacks.
Globally, 698 ransomware incidents were publicly reported in May 2026, marking a 48% increase compared to the previous year and representing the highest annual growth rate recorded so far this year.
Security experts note that the nature of cyber attacks in Africa is evolving. Rather than focusing primarily on disruption, cybercriminals are increasingly pursuing financially motivated operations designed to extract ransom payments or steal valuable data.
According to Hendrik de Bruin, Head of Security Consulting for Africa at Check Point Software, sectors such as Business Services and Financial Services have become prime targets due to their ability to pay extortion demands and the high value of the information they hold.
“Ransomware groups continue to apply sustained pressure on African organisations. Business Services and Financial Services emerged among the most frequently targeted sectors in Africa, highlighting the increasing focus on organisations capable of paying extortion demands or possessing valuable data,” he said.
Government and Critical Infrastructure Under Growing Pressure
Government agencies and critical infrastructure providers continue to attract significant attention from cyber threat actors.
Globally, government organizations ranked as the second most targeted sector, experiencing an average of 2,620 weekly attacks per organization. Telecommunications companies ranked third with 2,583 attacks per organization each week.
Across Africa, cyber attacks targeting government institutions and national infrastructure have intensified. Egypt experienced coordinated disruption campaigns against public service portals, reportedly linked to hacktivist groups seeking political visibility and operational impact.
South Africa also faced a series of high-profile cyber incidents involving major public institutions, including the South African Revenue Service (SARS), the State Information Technology Agency (SITA), and the City of Ekurhuleni.
Telecommunications providers were similarly targeted, highlighting the growing focus on interconnected public infrastructure and essential services.
Education Sector Remains the World’s Most Targeted Industry
For yet another month, the Education sector recorded the highest number of cyber attacks globally.
Educational institutions experienced an average of 4,641 attacks per organization per week, representing a 7% increase year on year.
Schools, colleges, and universities continue to be attractive targets because of their large user populations, open digital environments, and often limited cyber security resources.
Beyond education, significant increases in cyber attacks were also observed across Agriculture, Hospitality, Travel and Recreation, Construction, and Engineering sectors, demonstrating how digital transformation is expanding cyber risk across multiple industries.
Unpatched Systems Continue to Create Security Gaps
The report also highlights the growing exploitation of perimeter vulnerabilities, particularly authentication bypass flaws affecting commonly used VPNs and firewall technologies.
Cybercriminals are increasingly using these weaknesses as entry points into corporate networks. Once inside, attackers can move laterally across systems, steal credentials, exfiltrate sensitive information, and deploy ransomware more efficiently.
“For many organisations across Africa that are still strengthening cyber resilience capabilities, unpatched perimeter systems remain one of the most significant sources of exposure,” said de Bruin.
Generative AI Creates New Cyber Security Risks
As businesses rapidly adopt Generative AI technologies, new cyber security concerns are emerging.
Check Point Research found that one in every 25 GenAI prompts submitted from enterprise environments carried a high risk of exposing sensitive data. The issue affected 91% of organizations actively using GenAI tools during May.
Additionally, 22% of prompts contained potentially sensitive information. On average, organizations used nine different GenAI applications during the month, while individual users generated approximately 70 prompts.
Security experts warn that cybercriminals are also leveraging AI technologies to enhance phishing campaigns, accelerate credential theft, improve social engineering attacks, and streamline data exfiltration efforts.
“While organisations continue to embrace generative AI technologies, the pace of adoption is increasingly outstripping governance and security controls. The result is a threat environment where AI is simultaneously driving productivity gains and expanding organisational risk,” de Bruin explained.
Cyber Risks Remain Elevated Despite Lower Attack Volumes
While May recorded relatively lower attack volumes compared to previous months, experts caution against interpreting the trend as a reduction in cyber risk.
Instead, threat actors appear to be reorganizing their strategies, shifting toward more targeted, financially motivated campaigns and leveraging advanced technologies such as artificial intelligence.
For African organizations, the findings reinforce the need to strengthen cyber resilience through proactive security measures, improved vulnerability management, ransomware preparedness, and stronger governance around emerging AI technologies.
“The numbers may have been quieter in May, but the underlying risk environment remains firmly elevated,” de Bruin concluded.
