Ransomware Surges 22%, GenAI Data Leaks Rising: Check Point Research

Check Point Research’s November 2025 threat intelligence reveals a sustained escalation in cyber risk. Organizations worldwide face an average of 2,003 cyberattacks per week—a 3% increase from October and 4% year-over-year growth. Ransomware activity spiked 22% annually, while generative AI adoption is creating new data exposure vectors, with 1 in 35 enterprise GenAI prompts posing high risk of data leakage and 22% containing sensitive information.

Attack Volume and Sectoral Targets

The Education sector remains the most targeted globally, averaging 4,656 weekly attacks per organization, up 7% year-over-year. Government institutions follow with 2,716 weekly attacks, while Associations and Non-profits experienced a dramatic 57% year-over-year surge to 2,550 attacks per week. This concentration in public-sector and mission-critical organisations suggests attackers are prioritising high-impact targets where operational disruption commands premium ransom demands or carries geopolitical significance.

Regionally, Latin America reported the highest attack volumes at 3,048 attacks per organization per week (up 17% year-over-year). North America recorded a 9% year-over-year rise, driven by intensified ransomware activity, while APAC held steady and Europe declined slightly. This geographic variation reflects both attacker targeting preferences and the maturity of security operations in different regions.

Ransomware: 22% Year-Over-Year Growth

Ransomware remains the most financially disruptive cyber threat. November saw 727 publicly reported incidents globally, a 22% increase year-over-year. North America accounted for 55% of all reported cases, with the United States alone representing 52% of global incidents. The United Kingdom (4%) and Canada (3%) rounded out the top three.

By industry, Industrial Manufacturing (12%), Business Services (11%), and Consumer Goods and Services (10%) faced the highest incident rates. This sectoral concentration reflects attackers’ strategy of targeting industries where downtime is extremely costly and operational continuity demands rapid payment.

The leading ransomware groups in November were Qilin (15%), Clop (15%), and Akira (12%), collectively accounting for a substantial portion of victim disclosures and demonstrating the continued dominance of established threat actors even as new groups emerge.

GenAI as Both Accelerant and Exposure Vector

Enterprise adoption of generative AI is expanding rapidly, but security frameworks have not kept pace. Check Point Research found that 1 in every 35 GenAI prompts submitted from enterprise networks posed high risk of data leakage, impacting 87% of organizations using GenAI regularly. An additional 22% of prompts contained potentially sensitive information—internal communications, customer data, proprietary code, or personal identifiers.

This data exposure creates a cascade of secondary risks. Attackers can use inadvertently disclosed information to refine social engineering campaigns, identify high-value targets, or craft malware payloads tailored to a specific organisation’s architecture. The problem is compounded by the fact that organisations use an average of 11 different GenAI tools per month, most operating outside formal security governance. This fragmentation creates blind spots where data leakage in one tool remains invisible to centralized security teams.

The Need for Prevention-First Architecture

Check Point Research’s Omer Dembinsky underscored the severity: “The combination of ransomware growth and GenAI-related data exposure provides attackers with more tools and opportunities to execute damaging campaigns. The only effective approach is prevention-first, powered by real-time AI and proactive threat intelligence to block attacks before they cause harm.”

This framing shifts the paradigm from detection-and-response to prevention-first architecture. For enterprises, this means real-time visibility across all GenAI tool usage, behavioural analysis to detect anomalous data exfiltration, and integrated threat intelligence that connects ransomware campaigns with upstream data reconnaissance activities.

Implications for India Inc

For India’s digital economy, the convergence of ransomware sophistication and GenAI-driven data exposure poses acute risk. Indian enterprises are accelerating GenAI adoption—particularly in financial services, manufacturing, and government—while often lacking centralized governance over tool proliferation. Manufacturing and BFSI sectors, both critical to India’s export and financial systems, are among the top targets globally.

The report reinforces the urgency of implementing full-stack governance: consolidating GenAI tools under security oversight, mandating data classification and prompt auditing, deploying behavioural detection at the endpoint, and maintaining real-time threat intelligence integration to predict and block ransomware campaigns before they impact operations.
