Cyberattacks Surge 21% Globally in Q2 2025: Education Sector and Europe Face Rising Threats

New research from Check Point reveals a 21% year-on-year increase in global cyberattacks in Q2 2025. Europe experiences the sharpest regional spike at 22%, while the education sector is hit hardest with over 4,300 weekly attacks per organisation. Ransomware incidents continue to rise, targeting critical industries including healthcare and business services.

The cyber threat landscape continues to intensify, with Check Point Research reporting a notable 21% year-on-year rise in weekly cyberattacks globally in the second quarter of 2025.

The findings are based on intelligence from Check Point’s ThreatCloud AI platform, which analyses millions of indicators of compromise (IoCs) every day across over 150,000 networks and millions of endpoints. This quarterly data highlights not only a general increase in cyberattacks but also identifies sectors and regions experiencing intensified targeting.

Europe records the steepest regional rise in cyberattacks, with a 22% increase year-on-year. In parallel, the education sector emerges as the most targeted globally, facing an average of 4,388 weekly attacks per organisation—a 31% surge compared to Q2 2024. These developments signal a shift in how threat actors prioritise targets, favouring sectors and regions with strategic value and potential vulnerabilities.

Education sector faces highest volume of weekly attacks

The education sector remains the top target globally, reporting 4,388 weekly cyberattacks per organisation, the highest of any industry. This represents a 31% increase year-on-year. Attackers likely exploit underfunded cybersecurity systems and the vast amounts of student and staff data accessible within these institutions.

Following education, government organisations face 2,632 weekly attacks on average (+26% YoY), and the telecommunications sector experiences a sharp 38% rise, with 2,612 attacks weekly. These sectors represent valuable targets due to their sensitive information and role in national infrastructure.

European organisations experience the sharpest rise in attacks

While Africa and the Asia-Pacific (APAC) regions report higher absolute attack volumes, Europe records the highest year-on-year growth in attacks at +22%. This increase is attributed to ongoing geopolitical tensions, a fragmented regulatory environment, and the region’s concentration of high-value data. The data underscores the growing need for unified cybersecurity strategies across European institutions.

Ransomware remains a persistent threat globally

In Q2 2025, more than 1,600 ransomware incidents are reported on public double-extortion “shame sites.” While these figures may not capture all incidents, they provide insight into major ongoing attacks. North America accounts for 53% of these disclosures, followed by Europe with 25%.

Business services, industrial manufacturing, and construction & engineering sectors are the most impacted by ransomware, collectively representing nearly 30% of all victims. The healthcare sector, dealing with critical and sensitive data, reports nearly 8% of incidents.

Key findings from Q2 2025

• Global weekly cyberattacks per organisation reach 1,984, a 21% increase YoY, and 58% higher than two years ago.
• The education sector experiences the highest volume of attacks, more than double the global average.
• Europe records the highest year-on-year growth in regional attack volume at +22%.
• Ransomware remains a prominent global threat, particularly in North America (53%) and Europe (25%).

Mark Weir, Regional Director, UK & Ireland at Check Point Software, highlights the urgency of the situation, stating:

“The sharp increase in cyberattacks this quarter highlights just how quickly the threat landscape is evolving, even here in the UK. With sectors like education, government, and telecommunications under constant pressure, organisations must prioritise prevention, strengthen visibility across their networks, and stay ahead of attackers before disruptions occur.”

Preparing for an evolving threat landscape

As attackers adapt their strategies and increase their focus on critical industries, organisations must enhance their cybersecurity frameworks through layered defence and proactive threat prevention. Check Point Research recommends several steps:

• Invest in prevention-first tools such as intrusion prevention systems (IPS) and anti-ransomware technologies.
• Improve endpoint and network protections with firewalls, email security, and advanced endpoint detection.
• Conduct regular user awareness programmes, including phishing simulations.
• Maintain secure, up-to-date backups and test disaster recovery protocols frequently.
• Implement zero trust architecture by validating access at every stage and segmenting networks.
• Stay updated with threat intelligence feeds to identify emerging risks in real time.

Check Point’s Q2 2025 threat intelligence provides a comprehensive view of a rapidly evolving cybersecurity landscape. The findings reveal a rise in both volume and sophistication of attacks, demanding immediate and coordinated responses across all sectors and regions. With education, government, and telecommunications facing rising threats—and ransomware targeting essential industries—organisations must act with urgency to build resilience and minimise potential impact.