Cyber attacks on businesses continue to escalate in 2025, with global organisations experiencing an average of 1,925 incidents per week in Q1, which is a 47% increase compared to the same period last year, according to new research from Check Point.
The education sector was the hardest hit, with each institute facing an average of 4,484 weekly attacks. Government and telecommunications followed, with the latter recording the largest year-over-year spike at 94%.
“The growing reliance on digital infrastructure in these industries, coupled with their public-facing nature, makes these critical infrastructure sectors prime targets for cyber criminals looking to exploit vulnerabilities,” the researchers said in a press release.
Cyber security experts attribute the surge to increasingly structured criminal operations. “Ransomware and other cyber attacks have increased so significantly because the business of cyber attacks has changed,” David Ratner, the chief executive officer of threat intelligence firm HYAS, told TechRepublic in an email.
“It’s now run as an actual business, where criminals create tools that they sell to other criminals, making it easier and cheaper for non-experts to launch malware, ransomware, and other attacks.”
Ben Hartwig, data security expert with public record directory Infotracer, agrees, telling TechRepublic in an email: “Ten years ago, most attacks were opportunistic. Today, they’re run like franchises. Organised groups exploit supply chains, remote work infrastructure, and unpatched enterprise software.
“Our team has seen a shift from broad phishing to highly targeted access brokers who specialise in breaching specific verticals, such as healthcare and education. The rise of ransomware-as-a-service models has also dramatically reduced the barrier to entry for bad actors.”
SEE: Quick Glossary: Cybersecurity Attack Response and Mitigation from TechRepublic Premium
In the first quarter of 2025, 2,289 ransomware attacks were reported, which is a 126% increase on the same period of 2024. The UK alone has seen a number of high-profile ransomware attacks in 2024 and 2025, including those on supermarkets Sainsbury’s, Morrisons, M&S and Co-op, Legal Aid Agency, and pathology company Synnovis, which disrupted NHS operations.
Check Point’s findings are based on its global threat intelligence network, which monitors 150,000 networks and millions of endpoint devices, supplemented by multiple external feeds scanned daily.
Cyber criminals use their AI, and yours, for attacks
Experts also cite the growing accessibility of artificial intelligence tools as a key factor behind the surge. “Entry-level attackers no longer need to build exploits; they can purchase pre-packaged access or even rent access to compromised environments through Telegram channels or dark web forums,” Hartwig said. “This commoditisation has enabled attacks that surpass the defences of most small to mid-sized businesses.”
Research has found that many of today’s easily accessible AI chatbots, including ChatGPT, Gemini, and Claude, can be manipulated using prompt-based attacks to generate harmful content. Jailbroken versions such as WormGPT and GhostGPT are also circulating on underground forums, often offered at low or no cost.
A recent report from Europol found that organised crime gangs in Europe are using AI for fraud, data theft, and money laundering. These activities accompany more visible threats such as AI-generated malware, automated ransomware, and deepfakes impersonating senior executives.
While many businesses are eager to deploy AI to boost efficiency, experts warn that doing so can introduce new vulnerabilities. According to a study by insurer QBE, 56% of UK businesses that experienced cyber attacks last year said they were linked to third-party suppliers, including AI providers.
One growing tactic involves exploiting AI coding tools like GitHub Copilot or ChatGP, which occasionally hallucinate non-existent software packages, inadvertently tricking developers into downloading malicious code.
“Businesses are increasingly interconnected, and even the strongest internal cybersecurity measures can fall short if vulnerabilities exist within their supply chains,” David Warr, QBE Insurance Portfolio Manager for Cyber, said in a press release. “It’s essential for organisations to assess and secure their entire IT ecosystem, including third-party partners.”
