Nigeria recorded an average of 6,101 cyberattacks weekly in July 2025

A global threat intelligence report by Check Point Research (CPR) has revealed that Nigeria recorded an average of 6,101 weekly cyberattacks in July 2025. This represents a 67% increase year-on-year (YoY).

The attacks cut across sectors: telecommunications, government, business and financial services. The findings also reveal a disturbing escalation in both the scale and sophistication of cyberattacks.

In all, the report noted that Africa recorded an average of 3,374 weekly cyberattacks per organisation. The figure represents the highest average number of attacks globally with a 7% YoY increase that cut across targeted sectors like telecoms, government and financial services, closely followed by energy and utilities.

“For organisations in Africa, these figures are particularly concerning. While Africa rapidly rolls out digital transformation strategies, its cybersecurity defences are lagging. Prevention-first strategies, powered by AI, are the only way to stay ahead,” says Lorna Hardie, Regional Director: Africa, Check Point Software Technologies. 

While Nigeria saw the highest cyberattacks with 6,101 weekly per organisation, Angola experienced 3,731, a 43% YoY decrease, Kenya with 3,468 cyberattacks (25% YoY decrease) and South Africa witnessed 2,113 weekly attacks in July 2025, representing a 14% increase. 

The report signals another concern as Africa continues to navigate its way around cybersecurity. 

A 2025 report by Kaspersky Security Network (KSN) shows that a staggering 131.6 million web threats were detected across Africa in 2024, underscoring the growing threats of online risks. These threats, which include malicious websites, phishing scams, and other internet-based attacks, disproportionately target businesses.

While Africa saw the highest weekly cyberattacks in July on the global stage, the Asia-Pacific continent (APAC) followed with 2,809 (6% YoY increase). Others are: Latin America recorded 2,783 attacks (4% YoY increase), Europe with 1,626 (6% YoY increase) and North America recording the least weekly cyberattacks of 1,380 (9% YoY increase). 

Also, in July 2025, global organisations faced an average of 1,947 cyberattacks per week, up 5% YoY. The education sector was the most targeted globally, averaging 4,210 weekly attacks per organisation (24% YoY increase), followed by government (2,577) and Healthcare and Medical (2,538). The agriculture sector saw the highest rise, with a 115% YoY increase.

Overall, global cube attacks were at an average number of 2,011 weekly, a 3% increase from the previous month and 10% more than last year.

The steady climb highlights how persistent and adaptable actors continue to be.

Also Read: Kenya, SA lead as Africa recorded 131.6 million web threats in 2024.

Cyberattack: global outlook of ransomware threats

According to the report, ransomware attacks continue to be one of the most damaging and visible forms of cybercrime. In July 2025, there were 518 reported ransomware attacks, a staggering 28% YoY increase.

In breakdown, North America was hit hardest, accounting for 52% of all reported ransomware incidents. Europe followed with 25%, APAC with 11%, Latin America saw 5% and Africa with as low as 2%. 

From an industry angle, the consumer goods and services sector was the most impacted, representing 12% of all reported attacks. The construction and engineering sector followed at 10.2%. while business services rounded out the top three with 9.5%. 

The report also highlighted that three ransomware-as-a-service (RaaS) groups dominated the landscape, as these groups are responsible for a large share of publicly disclosed attacks. The report explained that the data was derived based on victim data posted to ransomware “shame sites,” operated by double-extortion groups.

Qilin accounted for 12% of all published attacks in July 2025, making it the most active group this month. Formerly known as “Agenda,” Qilin has been operating since 2022 and has steadily expanded its infrastructure.

Followed closely is Inc. Ransom, which was responsible for 9% of attacks. Active since mid-2023, 33% of its targets in Q2 2025 were in healthcare, and 10% in education. The third, Akira, claimed 8% of reported attacks. First identified in early 2023, Akira targets Windows, Linux, and ESXi systems.

“These groups continue to evolve, both in their tooling and targeting, making them some of the most dangerous actors to watch in the months ahead,” the report added.