The 14th "Cyber Security Report" from Check Point Software Technologies analyzes global attack data from 2025 and compares it with 2024. In Germany, an average of 1223 cyberattacks per company and week were registered - an increase of 14%. Austria recorded 1665 attacks (+12%) and Switzerland 1138 (+6%).

The education sector was particularly badly affected in Germany, with an average of 2885 attacks per institution per week, 235% more than the national average. This was followed by energy and utility companies (2011) and the telecommunications sector (1932). Other heavily targeted sectors were biotechnology and pharmaceuticals (1686), healthcare and medicine (1617) and the automotive industry (1573). Media and entertainment (1557), construction and engineering (1536), information technology (1453) and business services (1397) followed in 7th to 10th place.

The most commonly used tactics

The report describes an increasing shift towards multi-channel attack campaigns that combine social engineering with automated processes. Over a three-month period, 89% of organizations faced risky AI-related requests, with around one in 41 requests classified as high-risk. At the same time, the number of extorted ransomware victims grew by 53%, while new ransomware-as-a-service groups increased by 50%.

The analysts also recorded a sharp increase of 500% in so-called ClickFix techniques, which work with fake technical prompts. According to the report, vulnerabilities in edge devices, VPN appliances and IoT systems are increasingly being misused as entry points. A study of 10,000 MCP (Model Context Protocol) servers identified security vulnerabilities in AI infrastructures in 40% of cases.

Recommendations for security officers

Based on the trends observed, Check Point therefore recommends that all companies:

• Security fundamentals need to be revised for the age of AI: AI-driven attacks exploit speed, automation and trust in environments not designed for machine-driven threats. Organizations should re-evaluate controls for networks, endpoints, cloud, email and SASE to stop autonomous, coordinated attacks early.
• Enable secure adoption of AI: As AI becomes embedded into daily workflows, blocking its use can actually increase risk, as users will then simply use it surreptitiously and possibly out of sight of security teams. Therefore, they should control and be transparent about authorized and unauthorized AI usage to reduce the risk of risky prompts, data leaks and misuse.
• Protect the digital workspace: Social engineering now extends across email, browsers, collaboration tools, SaaS applications and voice channels. Security strategies must protect the workspace where human trust and AI-driven automation intersect.
• Securing the edge and infrastructure: Unmonitored edge devices, VPN appliances and IoT systems are increasingly being misused as stealthy gateways. Actively inventorying and securing these systems helps to prevent hidden dangers and reduce the time attackers spend in the system during an infiltration.
• Emphasize the prevention-first approach: With attacks happening at machine speed, preventative security is essential to stop threats before lateral movement, data loss or extortion occurs.
• Unified visibility across hybrid environments: Consistent visibility and enforcement across on-premises, cloud and edge environments reduces blind spots, reduces complexity and strengthens resilience.

The full Cyber Security Report 2026 is available for download at https://www.checkpoint.com/security-report/.