Sponsored
ICT

Nigeria, Ethiopia, Zimbabwe, Angola & Mozambique Witness More Cyber-Attacks In Africa – Check Point May 2026 Report Finds

Sponsored
Sponsored

Check Point Research, the threat intelligence arm of Check Point Software Technologies, has released its Global Threat Intelligence insights for May 2026, revealing a global average of 2,055 cyber-attacks per organisation per week, representing a 2% increase year on year. Latin America remained the most targeted region, recording an average of 3,149 weekly attacks per organisation and a 13% year-on-year increase.  Africa followed at just under 3000 attacks per organisation per week.
Notably, Ethiopia, Nigeria, Zimbabwe, Angola, and Mozambique are the most attacked countries on the continent. Angola and Nigeria attack levels are double the global average at 4 046 and 3 941 per organisation per week, respectively.  These figures compare to Kenya and South Africa whose organisations faced 2443 and 1738 attacks per week, respectively.
While Africa recorded a year-on-year decline in overall attack activity, it remains among the most targeted regions globally. This is due to persistently high attack volumes, expanding ransomware activity, hacktivist campaigns, and increasingly sophisticated AI-enabled threats, all of which contribute to significant cyber risk for Africa organisations both public and private.
“May’s numbers show that attackers are continuously adapting, shifting their timing and techniques rather than slowing down. As ransomware scales and GenAI adoption accelerates across enterprises, organisations must assume constant exposure and prioritise prevention-first, AI-driven security strategies that can stop threats before impact,”said Omer Dembinsky, Data Research Manager at Check Point Research.

Africa in Focus: A Shift from Disruption to Monetisation

Ransomware remains one of the most significant cyber threats globally in May, with 698 publicly reported attacks, representing a 48% increase year on year — the sharpest annual increase recorded in 2026.

Importantly, for Africa, the composition of attacks has changed. Threat activity has shifted away from mass disruption, toward financially motivated operations, reinforcing a trend that security teams across the continent have observed throughout the past year.
“Ransomware groups continue to apply sustained pressure on African organisations.  Business Services and Financial Services emerged among the most frequently targeted sectors in Africa, highlighting the increasing focus on organisations capable of paying extortion demands or possessing valuable data,” says Hendrik de Bruin, Head: Security Consulting: Africa at Check Point Software.

Government and Critical Infrastructure Face Concentrated Pressure

Globally, Government ranked as the second most targeted sector in May, experiencing an average of 2,620 weekly attacks per organisation, while Telecommunications ranked third with 2,583 weekly attacks.

In Africa, this pressure was particularly visible in attacks targeting government services and national infrastructure. Government and public-service portals, particularly in Egypt, experienced coordinated disruption campaigns linked to hacktivist-aligned actors seeking both political visibility and operational impact. In South Africa, several prominent Government institutions were reportedly breached, including the South African Revenue Service (SARS), SITA, and the City of Ekurhuleni.

Telecommunications providers were also targeted during the same campaign cycle, demonstrating how threat actors increasingly focus on interconnected public infrastructure. The concentration of attacks against government institutions, financial services, and telecommunications within a single geography underscores the continued attractiveness of high-visibility national infrastructure as a target.

Education Remains the Most Targeted Industry Worldwide

The Education sector once again ranked as the most attacked industry globally, facing an average of 4,641 weekly attacks per organisation, a 7% increase year on year.
Educational institutions continue to present attractive targets due to large user populations, open digital environments, and often constrained cyber security resources. Beyond Education, notable increases were also recorded across Agriculture, Hospitality, Travel and Recreation, and Construction and Engineering, demonstrating how digital transformation is expanding the cyber attack surface across a growing range of industries.

Perimeter Vulnerabilities Continue to Fuel Intrusions

The May findings also highlighted growing exploitation of perimeter vulnerabilities, including authentication bypass flaws affecting widely deployed VPN and firewall technologies. These vulnerabilities provide attackers with trusted access into enterprise environments and increasingly serve as entry points for ransomware operations. Once inside, threat actors can move laterally, steal credentials, and deploy ransomware or data theft operations with greater speed and efficiency.

“For many organisations across Africa that are still strengthening cyber resilience capabilities, unpatched perimeter systems remain one of the most significant sources of exposure,” de Bruin says

GenAI Adoption Creates New Exposure Risks

Check Point Research found that one in every 25 GenAI prompts submitted from enterprise environments posed a high risk of sensitive data leakage during May, affecting 91% of organisations actively using GenAI tools. An additional 22% of prompts contained potentially sensitive information.  Organisations used an average of nine different GenAI applications during the month, while the typical enterprise user generated approximately 70 prompts.

Africa is experiencing the same exposure challenges. Threat actors are increasingly leveraging AI-assisted techniques to accelerate cyber attacks, enabling faster credential harvesting, more convincing phishing campaigns, improved social engineering, and quicker data exfiltration following compromise.
“While organisations continue to embrace generative AI technologies, the pace of adoption is increasingly outstripping governance and security controls.The result is a threat environment where AI is simultaneously driving productivity gains and expanding organisational risk,” de Bruin says.

Looking Ahead

May’s lower attack volumes should not be interpreted as a reduction in cyber risk. Instead, the data points to a threat landscape undergoing strategic reorganisation.

“For African organisations, the findings reinforce the need to prioritise proactive security strategies focused on prevention, vulnerability management, ransomware resilience, and governance around emerging AI technologies. The numbers may have been quieter in May, but the underlying risk environment remains firmly elevated,” de Bruin concludes.

Sponsored
Alinnor Arinze

Recent Posts

Security Team Rescues Mother, Two-Year-Old Son in Kwara Forest As Kidnappers’ Ransom Plot Foiled

A joint security operation has rescued a woman and her two-year-old son who were allegedly…

1 hour ago

NWF Confident of Strong Commonwealth Games Showing as Weightlifters Land In Aberdeen

AFOLABI SAHEED OLAWALE  The first batch of Team Nigeria's weightlifting contingent has arrived safely in…

1 hour ago

Florence Ajimobi Resumes As Nigeria’s Ambassador To Austria, Pledges To Strengthen Bilateral Ties

Former First Lady of Oyo State, Dr. (Mrs.) Florence Ajimobi, has formally resumed her diplomatic…

1 hour ago

Ikeja LG Flags Off ‘Snack For Thought (PBAT Feeds)’ Advocacy Programme On National Home-Grown School Feeding Initiative

Ikeja Local Government, Lagos State, has pledged its commitment to support initiatives that promote the…

1 hour ago

Scotland 2026: Team Nigeria Land At Pre-Games Camp In Aberdeen

AFOLABI SAHEED OLAWALE Director General of the National Sports Commission (NSC) and Chef de Mission…

6 hours ago

World Bank Confirms Anambra Did Not Express Interest In 2024 World Bank HOPE-Governance Loan Programme

CHRISTIAN ABURIME  The World Bank has confirmed that Anambra State did not express interest to…

7 hours ago
Sponsored