UK organisations faced an average of 1,589 cyber attacks per week in June 2026, a 34% increase compared with the same month last year, according to new threat intelligence from Check Point Research, the intelligence arm of Check Point Software Technologies.
The UK figure outpaces the global trend line. Worldwide, organisations experienced an average of 2,270 weekly attacks in June, up 17% year on year and 10% month on month, as a brief lull in May gave way to a broad rebound across regions and industries. Rather than concentrating in one geography or sector, the increase in attack volume appeared almost everywhere at once, a pattern researchers say points to attackers widening their targeting rather than intensifying pressure on a single weak point.
“June’s data shows a broad rebound in cyber activity, not a single isolated spike,” said Omer Dembinsky, Data Research Manager at Check Point Research. “Attackers are widening their reach across regions and industries, while ransomware groups continue to reorganise and scale. Organisations need prevention-first, AI-driven security that protects networks, users, data and AI workflows before attacks can cause impact.”
Education, Government and Telecommunications remained the most targeted sectors globally. Education organisations faced an average of 4,816 weekly attacks, up 16% year on year, with open campus networks and constrained security budgets continuing to make schools and universities attractive targets. Government followed at 2,836 weekly attacks (up 5%), while Telecommunications recorded 2,835 (up 13%).
Regionally, Latin America remained the most heavily targeted, with 3,501 weekly attacks on average, a 27% year-on-year rise. Europe posted one of the sharpest regional increases globally at 22%, a trend the UK figures sit within and, on this data, exceed.
Ransomware activity intensified sharply in June, with 646 attacks recorded, a 33% rise on June 2025. Business Services remained the most targeted industry, accounting for 31% of reported victims, followed by Consumer Goods and Services (16%) and Industrial Manufacturing (14%). Government’s share of ransomware victims has climbed steadily, from 4.0% in April to 5.4% in June.
The most notable development was at the group level. The Gentlemen, a ransomware-as-a-service operation founded in mid-2025, overtook Qilin to become the most active ransomware group, responsible for 17% of published attacks compared with Qilin’s 11%. LockBit also surged, rising from 1% of published attacks in May to 7% in June, making it the third most prevalent group.
Check Point Research attributes The Gentlemen’s rapid rise to an unusual dual model: the group functions simultaneously as a RaaS provider and an Initial Access Broker, giving affiliates self-service access to an estimated 14,000 pre-exploited FortiGate devices tied to CVE-2024-55591. Researchers have linked the group to more than 320 confirmed data-leak-site victims, with an estimated 1,570+ actual compromises, placing it among the top seven ransomware threats globally within a year of launch. Its targeting is notably atypical, with the US accounting for only 12% of victims against a 50% ecosystem average, reflecting a victim-selection model driven by device availability rather than deliberate geographic targeting. The group’s cross-platform lockers target Windows, Linux and ESXi environments, and a May 2026 operator communication signalled a shift from blunt-force BYOVD-based EDR killing toward more surgical userland evasion techniques.
GenAI-related exposure also remained a persistent risk through June. Check Point Research found that 1 in every 26 enterprise GenAI prompts carried a high risk of sensitive data leakage, a global exposure rate of 3.9%, affecting 85% of organisations that regularly use GenAI tools. A further 27% of prompts contained potentially sensitive information. Healthcare and Medical organisations carried the highest exposure at 5.7%, followed by Telecommunications and Business Services at 5.1% each. Personal data was the most common category of sensitive information exposed, appearing across 80% of affected organisations.
With UK attack volumes rising faster than the global average, researchers say the combination of broader attacker targeting, a reshuffled ransomware leaderboard and steady GenAI-related exposure underscores the case for prevention-first security architectures that span network, cloud, endpoint and user activity.




