Switzerland: Cyber attacks down eleven percent in January

Check Point Research, the security research division of Check Point Software Technologies, has published its Monthly Cyber Threat Report for January 2026. The figures show a varied picture: While cyber attacks continue to increase worldwide, Switzerland has seen a significant decline.

Switzerland bucking the global trend

In January 2026, cyber attacks in Switzerland fell by 11% to an average of 1093 attacks per week and organization. This contrasts with the European average, which recorded an increase of 18% with 1755 weekly attacks. Globally, the volume of attacks rose by 3% compared to December 2025 and by 17% compared to the previous year to an average of 2090 cyber attacks per week.

«In Switzerland, the volume of attacks may have decreased, but the intensity with which Swiss companies are attacked has not,» explains Armin Thommen, SE Manager Switzerland at Check Point Software. «The energy & utilities, public sector and consumer goods & services sectors were particularly affected in this country. We are seeing increased cybercriminal activity in all of these sectors. The use of AI is particularly worrying, because even if the volume is currently falling, the complexity and speed are increasing.»

Education sector still hardest hit

The education sector remains the most affected industry globally, with an average of 4364 attacks per organization per week - an increase of twelve percent compared to the previous year. The large attack surface, high user numbers and often outdated infrastructures make this sector particularly vulnerable. The government sector follows with 2759 weekly attacks (up eight percent), while telecommunications companies moved up to third place with 2647 attacks.

GenAI use harbors new data leakage risks

The increasing use of artificial intelligence in companies is significantly increasing the risk of data loss. Check Point Research identified dangerous trends in January: one in 30 GenAI prompts showed an increased risk of sensitive data being leaked. This data leakage risk affected 93 percent of companies that regularly use GenAI tools. 16 percent of all prompts contained potentially sensitive information.

Companies used an average of ten different GenAI tools, indicating fragmented and inconsistent usage patterns. The average enterprise user generated 76 GenAI prompts per month. This opacity in GenAI usage underscores the need for solid governance, better visibility of AI tools and strict controls on data processing.

Ransomware activities continue to increase

Ransomware activity continued to increase by ten percent in January 2026 with 678 publicly reported attacks. North America accounted for 52 percent of ransomware victims, followed by Europe with 24 percent. The USA remained the most affected country with 48 percent, followed by the UK (five percent), Canada (four percent), Germany (four percent) and Italy (three percent).

Industries that rely heavily on continuous operations remained the main targets of ransomware. Business services accounted for 33 percent of all ransomware victims, followed by consumer goods and services (15 percent) and industrial manufacturing (11 percent).

The most active ransomware groups

Qilin was responsible for the most ransomware incidents, accounting for 15 percent of reported attacks, and expanded the exposure of victims through its Rust-based ecosystem. LockBit (12 percent) continued its large-scale campaigns with double extortion. Akira's activities also continued (9 percent). The group targets Windows, Linux and ESXi systems, with a particular focus on business services and industrial manufacturing.

The insights come from Check Point's ThreatCloud AI platform, which analyzes millions of indicators of compromise every day. ThreatCloud is powered by over 50 AI-driven engines and fed with information from more than 150,000 networks and millions of endpoints.

Source: Check Point