Check Point Software’s 2026 Cyber Security Report Shows Global Attacks Reach Record Levels as AI Accelerates the Threat Landscape

Rhea-AI Summary

Check Point (NASDAQ: CHKP) released its Cyber Security Report 2026, its 14th annual analysis, finding organizations faced an average of 1,968 cyber attacks per week in 2025 (a 70% increase since 2023).

The report details AI-driven automation across attacks, with 89% of organizations encountering risky AI prompts and about 1 in 41 prompts deemed high risk. Ransomware extorted victims rose 53% YoY and new RaaS groups increased 50%. Lakera reviewed 10,000 MCP servers, finding weaknesses in 40%.

Positive

• 14th annual Cyber Security Report published
• Report includes six concrete security recommendations for organizations
• Lakera completed analysis of 10,000 MCP servers

Negative

• Average of 1,968 attacks/week in 2025 (+70% since 2023)
• Ransomware extorted victims +53% YoY
• New ransomware-as-a-service groups increased 50%
• ClickFix social-engineering techniques surged 500%
• 89% of organizations encountered risky AI prompts; 1 in 41 prompts high risk
• 40% of 10,000 MCP servers reviewed showed security weaknesses

News Market Reaction

-1.48%

1 alert

-1.48% News Effect

On the day this news was published, CHKP declined 1.48%, reflecting a mild negative market reaction.

Data tracked by StockTitan Argus on the day of publication.

Key Figures

Weekly cyber attacks: 1,968 attacks per week Attack growth since 2023: 70% increase Organizations with risky AI prompts: 89% of organizations +5 more

8 metrics

Weekly cyber attacks 1,968 attacks per week Average experienced by organizations in 2025

Attack growth since 2023 70% increase Rise in average weekly cyber attacks since 2023

Organizations with risky AI prompts 89% of organizations Share encountering risky AI prompts in a three‑month period

High‑risk AI prompts rate 1 in every 41 prompts Frequency of high‑risk prompts among AI usage

Ransomware victims increase 53% year‑over‑year Increase in extorted ransomware victims

Ransomware‑as‑a‑service growth 50% rise Increase in new ransomware‑as‑a‑service groups

ClickFix technique surge 500% increase Growth in ClickFix social engineering campaigns

MCP servers with weaknesses 40% of 10,000 servers Share of Model Context Protocol servers showing security weaknesses

Market Reality Check

Price: $179.51 Vol: Volume 767,062 vs 20-day ...

low vol

$179.51 Last Close

Volume Volume 767,062 vs 20-day average 1,147,394 (relative volume 0.67). low

Technical Trading below 200-day MA at 202.58, about 21.94% under the 52-week high and 5.28% above the 52-week low.

Peers on Argus

CHKP was down 0.96% while key peers were mixed: FFIV up 0.71%, IOT down 5.21%, N...

1 Up

CHKP was down 0.96% while key peers were mixed: FFIV up 0.71%, IOT down 5.21%, NTNX down 4.49%, GDDY down 1.92%, GEN down 1.45%. Only FFIV appeared on the momentum scanner with an 8.44% upside move and no related news, suggesting CHKP’s trading was more stock-specific than sector-driven.

Previous AI Reports

5 past events · Latest: Jan 21 (Positive)

Same Type Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Jan 21	AI platform launch	Positive	-2.4%	Announced AI-driven Exposure Management platform for unified risk reduction.
Dec 04	AI firewall release	Positive	+1.9%	Released Quantum Firewall R82.10 with 20+ new AI-centric security features.
Dec 02	AI security event	Positive	+0.1%	Announced virtual event on securing AI transformation across hybrid environments.
Oct 28	AI Cloud Protect	Positive	+6.2%	Launched AI Cloud Protect for enterprise AI factories using NVIDIA BlueField.
Oct 28	AI benchmark launch	Positive	+6.2%	Introduced b3 open-source benchmark to test LLM security in AI agents.

Pattern Detected

Recent AI-tagged announcements have generally been received positively, with four out of five past events showing share price gains despite one notable pullback on an AI exposure management launch.

Recent Company History

Over the last several months, Check Point has repeatedly highlighted AI-focused initiatives. AI-tagged events on Oct 28, 2025 introduced AI Cloud Protect and the b3 benchmark, both followed by 6.18% moves. Subsequent AI-related webinars and product launches on Dec 2–4, 2025 and Jan 21, 2026 produced mixed but mostly positive reactions. Today’s AI-focused cyber threat report continues this narrative of positioning around AI-era security needs.

Historical Comparison

AI

+3.4 %

Average Historical Move

Historical Analysis

In the past year, CHKP issued 5 AI-tagged updates with an average move of 3.37%, ranging from a small pullback to solid single‑digit gains.

Typical Pattern

AI-tagged news has progressed from benchmarks and AI Cloud Protect to firewall upgrades, practitioner events, and exposure management, building a broader AI security portfolio.

Market Pulse Summary

This announcement underscores escalating AI-driven cyber risk, with organizations facing an average ...

Analysis

This announcement underscores escalating AI-driven cyber risk, with organizations facing an average of 1,968 weekly attacks and a 70% rise since 2023. It extends Check Point’s AI-centric narrative seen in prior launches like AI Cloud Protect and exposure management. Investors may watch how such thought‑leadership content reinforces demand trends, upcoming earnings on Feb 12, 2026, and adoption of AI-focused security offerings.

Key Terms

social engineering, ransomware-as-a-service, IoT, VPN, +3 more

7 terms

social engineering technical

"combine automation, AI, and social engineering across multiple channels"

Social engineering is the practice of manipulating people into revealing confidential information, granting access, or taking actions that compromise security, often by posing as a trusted person or using urgent, persuasive stories. For investors it matters because these scams can lead to direct financial loss, theft of sensitive corporate data, disrupted operations, or damage to a company’s reputation — similar to a con artist who tricks a business into handing over its keys.

ransomware-as-a-service technical

"a 53 % year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups"

A subscription-style criminal business model that sells or leases ready-made ransomware tools and support to other attackers, letting buyers deploy data-encrypting malware without needing deep technical skills — think of it like a black‑market software franchise. Investors care because it raises the likelihood and scale of cyberattacks on companies, increasing the chance of operational shutdowns, regulatory fines, remediation costs, reputational damage and sudden stock price declines.

IoT technical

"edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points"

The Internet of Things (IoT) describes a network of everyday devices—such as appliances, vehicles, and equipment—that are connected to the internet and can share data automatically. For investors, IoT represents a growing trend that can drive efficiency and innovation across many industries, potentially creating new opportunities for growth and value. Its expansion influences how companies operate and compete in a digitally connected world.

VPN technical

"edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points"

A VPN (virtual private network) creates a secure, private “tunnel” through the public internet that hides a device’s location and encrypts the data sent and received, like sealing a letter inside a locked envelope while it travels through the mail. For investors, VPNs matter because they reduce the risk of data breaches, support remote work and regulatory compliance, and represent a recurring-revenue market driver for companies that sell cybersecurity and networking services.

Model Context Protocol (MCP) technical

"40% of 10,000 Model Context Protocol (MCP) servers reviewed, highlighting growing exposure"

The Model Context Protocol (MCP) is a system that helps financial models understand and share information about market conditions and data. It’s like a common language that ensures different tools and models work together smoothly, making predictions and decisions more accurate and consistent.

SASE technical

"reassess controls across networks, endpoints, cloud, email, and SASE to stop autonomous"

SASE, or Secure Access Service Edge, is a modern technology that combines network security and access management into a single, cloud-based service. It ensures that users can safely connect to company resources from anywhere, much like having a secure, virtual gatekeeper that protects digital information. For investors, SASE matters because it reflects how organizations are adopting advanced security measures to support flexible, remote work environments and protect valuable data.

IoT systems technical

"edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points"

IoT systems are networks of everyday devices—sensors, machines, appliances and the software that connects them—so they can collect and share data and act without a person controlling each step. Think of them as a building’s nervous system, letting devices sense conditions and respond or report back. For investors, IoT systems matter because they can cut costs, enable new services and recurring revenue, and create growth opportunities while introducing operational and security risks that affect company value.

AI-generated analysis. Not financial advice.

Organizations face nearly 2,000 cyber attacks per week as attackers combine automation, AI, and social engineering across multiple channels

REDWOOD CITY, Calif., Jan. 28, 2026 (GLOBE NEWSWIRE) -- Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader in cyber security solutions, today released its Cyber Security Report 2026, the company’s 14th annual analysis of global cyber attack trends.

The report reveals that organizations experienced an average of 1,968 cyber attacks per week in 2025, representing a 70% increase since 2023, as attackers increasingly leverage automation and AI to move faster, scale more easily, and operate across multiple attack surfaces simultaneously.

AI is driving one of the fastest security shifts the industry has experienced, forcing organizations to reassess long-standing assumptions about how attacks originate, spread, and are stopped. Capabilities once limited to highly resourced threat actors are now widely accessible, enabling more personalized, coordinated, and scalable attacks against organizations of all sizes.

“AI is changing the mechanics of cyber attacks, not just their volume,” said Lotem Finkelstein, VP of Research at Check Point Software. “We are seeing attackers move from purely manual operations to increasingly higher levels of automation, with early signs of autonomous techniques emerging. Defending against this shift requires revalidating security foundations for the AI era and stopping threats before they can propagate.”

Key Findings from the Cyber Security Report 2026
The report highlights a clear shift toward integrated, multi-channel attack campaigns that combine human deception with machine-speed automation:

• AI-Driven Attacks Become More Autonomous: AI is increasingly embedded across attack workflows, accelerating reconnaissance, social engineering, and operational decision-making. During a three-month period, 89% of organizations encountered risky AI prompts, with approximately one in every 41 prompts classified as high risk, exposing new risks as AI becomes embedded in everyday business workflows.
• Ransomware Operations Continue to Fragment and Scale: The ransomware ecosystem has decentralized into smaller, specialized groups, contributing to a 53 % year-over-year increase in extorted victims and a 50% rise in new ransomware-as-a-service groups. AI is now being used to accelerate targeting, negotiation, and operational efficiency.
• Social Engineering Expands Beyond Email: Attackers are increasingly coordinating campaigns across email, web, phone, and collaboration platforms. ClickFix techniques surged by 500%, using fraudulent technical prompts to manipulate users, while phone-based impersonation evolved into more structured enterprise intrusion attempts. As AI becomes embedded in browsers, SaaS platforms, and collaboration tools, the digital workspace is emerging as a critical trust layer for attackers to exploit.
• Edge and Infrastructure Weaknesses Increase Exposure: Unmonitored edge devices, VPN appliances, and IoT systems are increasingly used as operational relay points to blend into legitimate network traffic.
• New Risks Emerge in AI Infrastructure: An analysis conducted by Lakera, a Check Point company, identified security weaknesses in 40% of 10,000 Model Context Protocol (MCP) servers reviewed, highlighting growing exposure as AI systems, models, and agents become embedded in enterprise environments.
  

Recommendations for Security Leaders
The Cyber Security Report 2026 shows that defending against AI-driven threats requires rethinking how security is designed and enforced, not simply reacting faster. Based on the trends observed, Check Point recommends that organizations:

• Revalidate Security Foundations for the AI Era: AI-driven attacks exploit speed, automation, and trust across environments not built for machine-paced threats. Organizations should reassess controls across networks, endpoints, cloud, email, and SASE to stop autonomous, coordinated attacks early.
• Enable AI Adoption Securely: As AI becomes embedded in daily workflows, blocking its use can increase risk. Security teams should apply governance and visibility to sanctioned and unsanctioned AI usage to reduce exposure from high-risk prompts, data leakage, and misuse.
• Protect the Digital Workspace: Social engineering now spans email, browsers, collaboration tools, SaaS applications, and voice channels. Security strategies must protect the workspace where human trust and AI-driven automation intersect.
• Harden Edge and Infrastructure: Unmonitored edge devices, VPN appliances, and IoT systems are increasingly exploited as stealthy entry points. Actively inventorying and securing these assets helps reduce hidden exposure and attacker persistence.
• Adopt a Prevention-First Approach: With attacks operating at machine speed, prevention-led security is essential to stop threats before lateral movement; data loss, or extortion can occur.
• Unify Visibility Across Hybrid Environments: Consistent visibility and enforcement across on-premises, cloud, and edge environments reduce blind spots, lower complexity, and strengthen resilience.

Availability
The full Cyber Security Report 2026 is available for download here. Check Point will also host a livestream discussing key findings and recommendations from the report.

Follow Check Point on LinkedIn, X (formerly Twitter), Facebook, YouTube and our blog.

About Check Point Software Technologies Ltd. 

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading protector of digital trust, utilizing AI-powered cyber security solutions to safeguard over 100,000 organizations globally. Through its Infinity Platform and an open garden ecosystem, Check Point’s prevention-first approach delivers industry-leading security efficacy while reducing risk. Employing a hybrid mesh network architecture with SASE at its core, the Infinity Platform unifies the management of on-premises, cloud, and workspace environments to offer flexibility, simplicity and scale for enterprises and service providers.

Legal Notice Regarding Forward-Looking Statements 
This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point’s industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on March 17, 2025. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law. 

MEDIA CONTACT:	INVESTOR CONTACT:
Emilie Beneitez Lefebvre	Kip E. Meintzer
Check Point Software Technologies	Check Point Software Technologies
press@us.checkpoint.com	ir@us.checkpoint.com

FAQ

How many cyber attacks did Check Point report for 2025 and what is the trend for CHKP?

Check Point reported an average of 1,968 attacks per week in 2025, a 70% increase since 2023. According to the company, attackers are scaling operations using AI and automation, accelerating attack frequency and complexity.

What did Check Point say about AI-driven attack risks in the Cyber Security Report 2026 (CHKP)?

According to the company, 89% of organizations encountered risky AI prompts and about 1 in 41 prompts were high risk. The report warns AI is increasing automation, personalization, and speed of attacks across channels.

What ransomware trends did Check Point identify that could affect CHKP customers?

The report found ransomware extorted victims rose 53% year-over-year and new RaaS groups grew 50%. According to the company, ransomware operations are fragmenting and using AI for targeting and negotiations.

What specific social engineering changes did Check Point highlight in 2026 (CHKP)?

Check Point highlighted multi-channel social engineering, with ClickFix techniques up 500% and coordinated email, web, phone, and collaboration attacks. According to the company, attackers exploit human trust across digital workspaces and SaaS tools.

What did Lakera's analysis reveal about AI infrastructure vulnerabilities in the Check Point report?

According to the company, Lakera reviewed 10,000 MCP servers and found security weaknesses in 40% of them. The report flags rising exposure as AI models and agents are embedded in enterprise environments.

What recommendations did Check Point give for security leaders in the Cyber Security Report 2026 (CHKP)?

The company recommends revalidating security foundations, enabling secure AI adoption, protecting the digital workspace, hardening edge infrastructure, adopting prevention-first approaches, and unifying visibility across hybrid environments.