IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Check Point sees June cyberattacks jump 17% year on year

Check Point sees June cyberattacks jump 17% year on year

Fri, 10th Jul 2026 (Today)
Mark Tarre
MARK TARRE News Chief

Check Point reported a rise in global cyberattacks in June 2026. Its monthly figures also showed higher ransomware activity and persistent data leakage risks linked to generative AI use.

Organisations faced an average of 2,270 cyberattacks a week during the month, according to the latest threat statistics. That was 10% higher than the previous month and 17% above the level recorded a year earlier.

The increase was spread across most sectors and regions rather than concentrated in one area. Education remained the most targeted industry, with an average of 4,816 weekly attacks, followed by Government at 2,836 and Telecommunications at 2,835.

Those figures highlight the pressure on sectors that often combine large user bases with complex networks and, in some cases, tighter budget constraints. Education posted a 16% year-on-year increase, while Telecommunications rose 13% and Government 5%.

Regional pattern

Latin America remained the most attacked region, with organisations facing an average of 3,501 weekly attacks, up 27% from a year earlier.

APAC followed with 3,060 weekly attacks, up 5%, while Africa recorded 3,008, down 9%. Europe and North America posted stronger growth, rising 22% and 14% respectively, leaving Africa as the only region in decline.

The broad distribution of the increase suggests attackers widened their targeting across multiple markets. Rather than one geography absorbing most of the rise, activity increased across almost the entire global landscape.

GenAI risk

The report also highlighted ongoing concern over staff use of generative AI tools at work. One in 26 GenAI prompts from enterprise networks carried a high risk of exposing sensitive information, equal to a global exposure rate of 3.9%.

Among organisations that regularly use GenAI tools, 85% were affected by high-risk prompt activity. A further 27% of prompts contained potentially sensitive information. Each organisation used an average of seven GenAI tools during the month, while the average user generated 78 prompts.

The data suggests the issue is less about flaws in AI models than about the material employees submit into them. Customer records, legal documents, network details, financial information and HR data were all cited as examples of content entered into public or unmanaged systems.

Latin America again stood out on this measure, posting the highest regional rate of risky prompts at 5.2%. Europe matched the global average at 3.9%, while North America and APAC were slightly lower at 3.6% and 3.5%.

By sector, Healthcare and Medical showed the highest level of exposure at 5.7%. Telecommunications and Business Services followed at 5.1% each, with Information Technology at 4.1%.

Personal data was the most common type of sensitive content seen in prompts, appearing in 80% of organisations measured. Network and infrastructure details appeared in 62%, legal and regulatory material in 61%, financial data in 60%, and employee records in 57%.

Ransomware climb

Ransomware activity also rose during the month, with 646 attacks recorded, a 33% increase from the same month in 2025.

Business Services was the most affected industry, accounting for 31% of reported victims. Consumer Goods and Services made up 16%, while Industrial Manufacturing represented 14%.

The sector breakdown also showed a steady rise in attacks on Consumer Goods and Services over a three-month period, increasing from 14% of victims in April to 15% in May and 16% in June. Government also gained share, moving from 4.0% to 4.3% and then 5.4% over the same period.

North America accounted for 44% of reported ransomware incidents, the largest regional share. APAC represented 23% and Europe 22%.

APAC showed the sharpest change in ransomware exposure. Its share of global victims rose from 16.8% in April to 22.6% in June, indicating a rapid shift in attacker focus over two months.

Group rankings

The ransomware league table shifted during the month, with The Gentlemen taking the top spot. The group was responsible for 17% of published attacks, overtaking Qilin at 11%.

LockBit also rose sharply, increasing from 1% of published attacks in the previous month to 7%. That made it the third most prevalent ransomware group in the June figures.

The data suggests the ransomware market is shifting as newer groups expand and older names regain momentum. The Gentlemen's rise is notable because it moved into the leading position within roughly a year of emerging.

Check Point linked that ascent to a model that combines affiliate recruitment with access to a large stock of pre-exploited FortiGate devices. It estimated that the group had claimed more than 320 victims on its leak site and that the real number of compromises exceeded 1,570.

Qilin, by contrast, has been active for longer and has maintained a regular stream of victim disclosures since 2022. LockBit, one of the best-known names in ransomware, has shown renewed activity after a lower share in the previous month.

The figures point to a threat landscape in which attack volumes are rising on broad fronts, ransomware groups are changing places quickly, and GenAI use is creating a steady stream of data exposure risk inside organisations.

Among the regions tracked, Africa was the only one to post a year-on-year decline in weekly cyberattacks, falling 9% even as every other region recorded growth.