The company said net income for the year reached $1.06 billion, up from $845.7 million in 2024. Earnings per share also climbed, with GAAP EPS rising 29% to $9.62.

In the fourth quarter alone, revenue came in at $745 million, a 6% increase year on year. Subscription revenue stood out, rising 11% to $325 million.

Check Point: Eight Key Trends Will Define Africa’s Cyber Security in 2026

Growth is not coming from one-off sales, it is being driven by recurring security subscriptions, which now account for a large share of total income.

The company also reported calculated billings of $2.9 billion for the full year, up 9%. Remaining performance obligations, which show future contracted revenue, reached $2.73 billion.

Chief Executive Officer Nadav Zafrir said: “We delivered solid fourth quarter and full year 2025 results, with revenue landing above the midpoint of our outlook and EPS exceeding expectations. Our performance remained resilient throughout the year, driven by continued customer adoption across our Hybrid Mesh Network and Workspace platforms.”

He added: “In 2026, our strategy is centred on securing our customers’ AI transformation across the enterprise. We are focused on executing against our four strategic pillars, Hybrid Mesh, Workspace, and Exposure Management, while embedding AI-driven security throughout our portfolio.

“Today’s announced acquisition of Cyata further expands our AI security stack, enabling full discovery, governance, and control of AI agents as organisations accelerate their AI journeys.”

Beyond earnings, the company moved to strengthen its product offering. It announced three acquisitions in early 2026, covering AI security, asset monitoring, and managed service platforms.

Cash reserves more than doubled during the year. Cash, marketable securities and short-term deposits rose to $4.34 billion from $2.78 billion. The increase followed proceeds from a $2 billion convertible notes offering.

At the same time, Check Point returned money to shareholders. It repurchased about 6.8 million shares in 2025 at a total cost of $1.4 billion.

Cash flow from operations also improved, reaching $1.23 billion for the year despite a one-off tax payment linked to prior years.

Check Point is growing steadily, with stronger revenue in 2025, thriving subscriptions, and a larger cash position in 2026.

The appointment, announced on Tuesday in Dubai, will see ElOuazzani lead the company’s regional growth strategy, including revenue, partnerships and market expansion.

She will also oversee efforts to strengthen Censys’ presence with governments and enterprises across the region.

Sarah Ashburn, chief revenue officer at Censys, said:

“We are delighted to welcome Meriam ElOuazzani as Vice President for the Middle East, Turkey, and Africa. This deepens our investment in a region where Censys has established strong momentum and is strategically positioned for accelerated growth. 

“Meriam’s proven track record of scaling cybersecurity markets across META, combined with her deep regional insight, makes her the right leader to grow our market presence and meet rising demand for trusted internet intelligence.”

ElOuazzani has more than 20 years of experience in cybersecurity and enterprise technology. She previously served as Senior Regional Director at SentinelOne, where she built the company’s regional go-to-market operations.

Before that, she held several leadership roles at VMware across the Middle East and North Africa. She also led regional product sales for mobility in the Middle East at Cisco Systems.

In her new role, she will focus on building strategic partnerships. These include government bodies, enterprise customers, managed security service providers and hyperscale cloud partners.

She will work with Rajaee Al-Dalgamouni, appointed Regional Sales Director for META, and Ahmed Ehlayel, named Solutions Engineering, META.

ElOuazzani said:

“The META region is at an inflection point in cybersecurity maturity. Across the Middle East, Turkey, and Africa, governments and commercial organisations are moving beyond perimeter defence and demanding real-time threat detection and operational visibility into their digital footprint. 

“Over the past two decades in this region, I’ve witnessed firsthand how the right intelligence transforms the security operations entirely. 

“Censys’s internet intelligence platform equips security teams with authoritative, real-time insight into exposure and adversary activity, replacing assumptions with actionable confidence. My mission is to establish Censys as a trusted partner across META, enabling the shift from reactive defence to proactive intelligence.”

Censys provides internet intelligence tools that help organisations identify exposed assets, monitor changes and detect threats. The platform, which continuously maps internet-facing systems and infrastructure, is used by governments, large companies and security providers.

The company says it scans all 65,535 internet ports and supports more than 26 industrial protocols, including Modbus, DNP3, Siemens S7 and BACnet. It also provides historical data on internet-connected assets to help track long-term exposure.

Censys has partnered in the Middle East with Rilian Technologies to deliver its capabilities to sovereign and critical infrastructure organisations. With this appointment, the company is increasing its focus on the region and expanding its local leadership team.

In the first half of 2025 alone, sub-Saharan Africa saw more than 42 million web-based attacks and nearly 96 million on-device attacks, including malware, spyware and backdoors, up from the previous year.

In Nigeria, almost 1.5 million online attack attempts were blocked by security tools, with nearly one in five users (19.9 %) targeted.

This threat occurrence makes choosing the right cybersecurity stack important. Two widely adopted options worldwide and more in African markets are Palo Alto Networks and Sophos.

Both provide firewalls and Secure Access Service Edge (SASE)-related functions. But they differ in design, cost structure, manageability and suitability for smaller security teams.

This article compares Palo Alto Networks and Sophos across threat prevention, networking and SASE functions, cost, ease of deployment, management and local support.

The Threat Environment in 2025–2026

Before looking at products, it helps to understand what these tools must defend against.

Cybercrime reports from late 2025 show a surge in attacks across the continent, with ransomware, business email compromise (BEC) and digital extortion reaching new heights.

Interpol-led enforcement measures in late 2025 disrupted cybercrime operations in 19 African nations, where attackers caused more than $21 million in losses before law enforcement intervened.

Globally, ransomware incidents increased steeply in 2025, with some reports indicating that nearly 78% of organisations experienced ransomware attacks over the prior year.

These show the scale and sophistication of modern threats and African enterprises that may not have large security teams, and need to ensure prevention is both effective and realistic.

Threat Prevention Capabilities

Palo Alto Networks

Palo Alto firewalls are built on the PAN-OS platform and supported by a threat intelligence backbone known as WildFire. Users frequently mention strong traffic inspection, advanced threat detection and integrated intrusion prevention.

In independent comparisons, Palo Alto products usually edge out competitors on threat prevention and machine-learning-driven analysis.

Palo Alto’s platforms are typically paired with Cortex XDR for endpoint visibility, and the vendor has been expanding cloud and identity security through recent acquisitions.

Sophos

Sophos firewalls, including Sophos XGS, focus on coordinated security with endpoint protection and centralised policy management. Sophos Central allows visibility across network and endpoints, and the company emphasises simplicity and integration in a single console.

Independent comparisons show that Sophos provides strong basic threat protection and advanced malware blocking, though some users find deeper configuration and reporting less mature than in higher-end platforms.

Direct Comparison

In independent user rating reports updated in early 2026, Palo Alto’s firewall solutions generally score slightly higher in threat prevention, while Sophos scores strongly for usability and value.

In one comparison, Palo Alto firewalls had a slightly higher average rating, and both products had high user recommendations.

Palo Alto may provide richer telemetry and deeper real-time threat visibility, but Sophos gives solid protection with easier management for smaller teams.

SASE and Network Security

Palo Alto Networks

Palo Alto’s SASE services centre on Prisma Access, a cloud-delivered security service that combines secure web gateway, cloud access security broker (CASB), zero-trust network access (ZTNA) and firewall services.

Prisma is widely deployed in larger, distributed enterprises, providing consistent security policies regardless of user location.

Recent product activities, including acquisitions in cloud monitoring and identity security, show Palo Alto is doubling down on integrated security beyond traditional appliances.

For organisations with complex hybrid networks and global reach, this unified approach can reduce gaps between network and cloud security.

Sophos

Sophos places its security service through Sophos XGS firewalls integrated with cloud management and synchronised protection with endpoint products.

The company has also moved into SASE-like offerings combining secure connectivity and visibility, though its approach is considered less fully featured than some leading rivals.

Sophos’s strength lies in ease of deployment and ongoing management through Sophos Central, which can be valuable for teams without dedicated security engineers.

So…

Palo Alto Networks provides a more feature-rich SASE suite with strong integration across cloud and network security, while Sophos gives a simpler set of SASE-aligned management that can be easier to manage but may not cover all enterprise use cases.

Cost and Total Cost of Ownership

Cost is a big determinant for African enterprises with tight IT budgets.

Palo Alto Networks

Palo Alto products are typically higher priced. Licensing depends on throughput, feature sets and number of users. Support and subscription services add to long-term spend.

For enterprises with complex needs, the higher cost is usually justified by deep inspection and advanced analytics.

However, smaller organisations may find the licensing tiers and hardware requirements challenging to budget for.

Sophos

Sophos licences are bundled more broadly, with firewall, endpoint and some network protection included in single packages. This bundling can make budgeting more predictable.

Sophos is generally seen as more cost-friendly for small and mid-sized businesses, though total costs still depend on the scale of deployment and feature requirements.

In user comparisons, Sophos is described as offering a good return on investment for lean teams, while Palo Alto’s suite is positioned at the higher end of the market.

Deployment and Ongoing Management

Palo Alto Networks

Palo Alto firewalls provide extensive configuration options but can require specialist knowledge to deploy and tune correctly. For small teams without senior security engineers, this complexity can be a barrier.

Training and certification are widely available, but they add to total implementation time and cost.

Sophos

Sophos prioritises a centralised, cloud-managed console and is generally easier to deploy. Most basic policies can be enabled quickly, and integrated endpoint support simplifies configurations.

Sophos’s management interface is friendlier for smaller teams, though advanced customisation options may be more limited.

Support Ecosystem and Regional Presence

Local support and partner networks can greatly influence operational success.

Palo Alto has a global partner ecosystem, but certified partners in Africa are often focused on larger enterprises.

Sophos also has a widespread partner network and is frequently chosen by regional managed service providers because of its easier onboarding and training.

For African organisations without in-house expertise, the availability of certified resellers and support partners able to assist with deployment and maintenance is a key factor.

Palo Alto Networks is a strong choice for organisations with adequate security staff, larger networks and complex compliance requirements. Its threat prevention capabilities, SASE maturity and integration across cloud and network environments offer broad protection for sophisticated threats.

Sophos suits smaller enterprises and lean IT teams. It provides effective threat prevention, straightforward deployment and bundled features that offer predictable cost and management simplicity.

There is no one-size-fits-all answer. For tight budgets and limited staff, Sophos provides the best balance of security depth and operational ease.

For larger enterprises or those facing persistent advanced threats, Palo Alto’s richer feature set may justify the higher cost.

That works out to roughly $22.6 million lost every minute, every day, across governments, businesses and individuals. The cost of defending against those attacks is growing almost as fast. 

Global spending on cybersecurity is expected to approach $345 billion in 2026, and forecasts reveal total annual spending could reach $1 trillion by the early 2030s.

The average cost of a data breach in 2025 stood at $4.44 million globally, climbing to $10.22 million in the United States. Ransomware featured in around 44% of recorded breaches, even as fewer victims chose to pay. 

Cyber attacks increase continually year on year, driven by automation, better targeting and the simple fact that digital systems now underpin almost everything.

The attack surface is expanding faster than most organisations can secure it. 

What follows are the biggest cybersecurity threats businesses will face in 2026, based on patterns already visible today.

1. AI-Powered and Highly Targeted Cyber Attacks

Cyber attacks are becoming cheaper to launch and easier to scale. Criminal groups no longer need great technical skill to produce convincing phishing messages, fake voice calls or tailored malware. Attack campaigns are now personalised, fast and relentless.

Attackers are now using generative Al to create convincing phishing emails, deepfake audio/video, and automated malware. 

We are seeing more cases where attackers imitate senior executives, suppliers or regulators with unsettling accuracy. Finance teams, procurement units and public officials are frequent targets. 

The danger is not just deception, but speed. When a message looks real and arrives at the right moment, people act before they question it.

One of the cybersecurity threats in 2026 is volume combined with precision. These attacks do not rely on one success. They rely on thousands of attempts until one slips through.

2. Supply Chain and Third-Party Exposure

Major breaches over the past few years have shown a trend where attackers avoid heavily protected organisations and go after their suppliers instead. Software vendors, cloud platforms, managed service providers and open-source projects are all attractive targets.

One compromised update or exposed interface can grant access to hundreds or thousands of downstream organisations. In 2026, this risk grows as companies rely even more on external software, shared services and automated integrations.

Trust has become a vulnerability. Many organisations still assume that partners are secure simply because they are established or well known. Attackers know better.

3. Ransomware Without Limits

Ransomware has changed. Encryption alone is no longer the main weapon. Today’s attacks focus on data theft, public exposure and operational disruption. Systems may be damaged even if no ransom is paid.

In healthcare, finance and government, attackers now aim to interrupt services rather than lock files. Stolen data is used as leverage, sometimes months after the initial breach. Payment rates have fallen to roughly a quarter of victims, but disruption costs continually increase.

By 2026, ransomware will not be about files but about leverage. The damage is reputational, legal and operational.

4. Cloud Misconfiguration and Identity Abuse

The cloud has simplified technology and complicated security. Most breaches no longer begin with malware. They begin with stolen credentials, excessive access rights or exposed services.

Storage systems left open to the internet, poorly protected interfaces and unmanaged applications are common. Once attackers gain a foothold, they move silently using legitimate accounts, usually undetected for weeks.

The risk in 2026 is not cloud adoption itself, but poor management over who can access what. Identity has become the new perimeter, and many organisations are still treating it as an afterthought.

5. Insider Threats and Strategic Data Leaks

Not all threats come from outside. Employees, contractors and partners can also cause serious breaches, sometimes through carelessness, sometimes deliberately.

With data becoming more valuable, internal access becomes more dangerous. Sensitive customer records, proprietary software, internal research and training data are now high-value assets. In some cases, they are stolen not for immediate profit, but for long-term advantage.

In 2026, insider risk is harder to spot because work is more distributed and access is wider. Trust is necessary, but unchecked trust is risky.

6. Connected Devices and Smart Infrastructure

From factories to hospitals to city streets, connected devices are everywhere. Many of them were designed for function, not security. Weak passwords, outdated software and limited monitoring are common.

Smart grids, traffic systems, medical equipment and industrial controls are now part of the digital ecosystem. A single exposed device can become an entry point into much larger systems.

Disruption to these environments can affect safety, not just data. With smart infrastructure expanding, so does its appeal to attackers.

7. Attacks on Energy and Critical Infrastructure

Energy systems, data centres and communication networks are indispensable to economic stability. They are also highly targeted.

Power grids, fuel distribution, water systems and large-scale computing facilities represent high-impact targets. Attacks do not need to cause physical damage to be effective. Temporary disruption can be enough to cause financial loss, public concern or political issues.

By 2026, these systems will get higher attention from both criminal and state-linked actors. Defence in this area is beyond a technical issue. It is a national one.

8. Geopolitical Cyber Conflict

Cyber operations have become a standard tool in global disputes. Election interference, sabotage, data theft and disinformation campaigns are now routine features of geopolitical tension.

The line between crime and conflict is usually blurred. Some attacks are tolerated, others encouraged, knowingly or unknowingly. Attribution is difficult, and response options are limited.

In 2026, organisations operating across borders will face more exposure, whether they are directly targeted or caught in the middle.

9. Long-Term Encryption Risk

While advanced computing threats are not yet mainstream, attackers are already preparing for them. Sensitive data is being stolen and stored with the expectation that future advances will make today’s encryption easier to break.

This is not a problem for tomorrow. It is a problem created today. Intellectual property, state secrets and personal records stolen now may remain valuable for decades.

Organisations handling long-life data need to consider this risk now, not after standards change.

10. Regulation, Liability and Cost of Failure

Cybersecurity has moved into the legal and regulatory arena. Data protection laws, infrastructure regulations and sector-specific standards are getting more attention.

A breach is no longer just an incident but a compliance issue, a legal risk and a reputational crisis. Fines, lawsuits and operational restrictions are becoming more common.

In 2026, the cost of getting security wrong will extend well beyond technical recovery.

What This Means for 2026

The case is not that technology is failing but that complexity is winning. Systems are growing faster than proper management, and attackers are exploiting the gaps.

Security in 2026 will not depend on buying new tools, we need to know what systems exist, who can access them, and how quickly incidents can be contained.

The organisations that cope best will not be those with the biggest budgets, but those that understand their risks solidly and act early. Cyber threats are not an abstract danger but a constant cost of doing business, and in some cases, of keeping the lights on.

Theiss, who has built his career leading marketing operations in technology and enterprise software, steps into the role with over 20 years of experience.

His mandate at Check Point is to lead global marketing efforts, boost demand generation, and position the company for continued leadership in cybersecurity.

Announcing the appointment, Check Point’s Chief Executive Officer, Nadav Zafrir, said: “Brett’s track record of building global brands and delivering measurable growth makes him an outstanding addition to our leadership team. As organisations navigate the complexities of AI, cloud, and hybrid work, Brett’s leadership will ensure Check Point’s story is told with clarity, impact, and vision.”

Before joining Check Point, Brett Theiss was Chief Marketing Officer at BeyondTrust and Anaplan, where he led innovations that translated into effective business expansion. 

He has also held senior positions at Xactly, Lumen Technologies, and AT&T, building a reputation for aligning marketing with both business outcomes and customer expectations.

In his own words, Theiss noted his commitment to the company’s mission: “Check Point is at the forefront of protecting enterprises against the most advanced cyber threats, with a powerful story to tell. I am thrilled to join this world-class team to further elevate the brand, deepen customer engagement, and help accelerate the company’s next phase of growth.”

Theiss holds a Bachelor’s degree in Business Administration from Millsaps College and a Master of Law from Texas A&M University. He is recognised in the industry for building high-performing teams and establishing marketing strategies that deliver long-term impact.

As adoption spreads from the bottom-up, companies are losing control over how sensitive information is being handled, what models are being used, and who has access to what.

Unbound Security AI has raised $4 million to fix this. The oversubscribed seed round was led by Race Capital, with participation from Wayfinder Ventures, Y Combinator, Massive Tech Ventures and others including notable angel investors.

Unbound gives IT teams the visibility and controls they need to safely introduce and manage AI tools in the enterprise. Its AI Gateway plugs into commonly used tools, like Cursor, Roo, Cline or internal document copilots, and provides real-time protection, model routing, and usage analytics. 

From blocking sensitive information leakage to managing model costs and performance, Unbound helps organisations roll out AI on their own terms.

The founding team brings deep experience in both enterprise security and infrastructure. CEO and co-founder Rajaram Srinivasan previously led data security products at Palo Alto Networks and Imperva, and earlier worked on SaaS security at the onset of the AI wave. 

He teamed up with Vignesh Subbiah, a seasoned engineer and former founding team member at Tophatter and Shogun, who scaled engineering teams and platforms from seed to growth stage. 

After working together at Adobe, the two reconnected to build a system that could meet the urgent security gaps emerging in the new AI stack.

The need became clear quickly. In the early days of GPT-3.5, teams were already sending sensitive prompts into AI tools without oversight, leaking secrets, exposing PII, and consuming costly licenses with no guardrails. Existing DLP tools either blocked the tool altogether or failed to adapt to newer AI workflows.

Unbound takes a different approach. It has already prevented the leakage of 100s of secret credentials, including passwords, API keys, and connection strings, as well as more than 500 instances of personally identifiable information such as customer names, phone numbers, and patient records. 

Rather than simply blocking prompts, Unbound redacts sensitive content in real-time and reroutes high-risk requests to internal, open-source models hosted in the organisation’s cloud. This ensures employees get their answers without ever seeing a security speed bump.

The platform also gives companies fine-grained control over model access and cost. Rather than buying a one-size-fits-all license, teams can allocate premium model access to high-stakes workflows, like engineers building core infrastructure, while routing lighter tasks, like content editing, to smaller open-source models. 

Mid-market customers using Unbound have already saved more than $10,000 annually on unnecessary AI seat licenses. And when new models outperform old ones, as with Gemini 2.5 recently overtaking Claude Sonnet for certain coding tasks, Unbound allows IT to roll them out incrementally, test their effectiveness, and swap them in without breaking employee workflows.

The product is already being used by a growing base of mid-market and enterprise customers across sectors including tech and healthcare. One customer, a leading tech company, recently used Unbound to safely introduce Gemini 2.5 into production AI tools for more than 100 engineers within the same week.

“As AI tools become mainstream, enterprises are turning to flexibility and control,” said Rajaram Srinivasan, co-founder and CEO of Unbound. “They want visibility into what’s being used, assurance that their data is protected, and the ability to swap in better models as the space evolves. Unbound is the bridge that makes that possible.”

Reflecting on Unbound’s early days, CTO and co-founder Vignesh Subbiah said, “Defaulting to blanket bans on AI tools is like being in the times of GPT 3.5. Unbound enables surgical security controls into every AI request so teams can innovate freely without putting corporate secrets at risk.” 

He added, “In just a few months, our customers have prevented over 7,000 potential data leaks and cut AI tooling costs by nearly 70 percent.”

The market is shifting fast. What started as shadow IT is quickly becoming mission-critical infrastructure. Generative AI is embedded in everything from customer support to software engineering, but the tooling around it is still stuck in early-stage chaos.

CIOs and CISOs are looking for ways to support AI adoption without compromising security or governance. Unbound is building that foundation. 

“At THG Ingenuity, we see the security team as an enabler, not a blocker. Unbound empowers us to roll out AI tools to employees with confidence. Unbound AI Gateway’s data protection controls and intelligent routing have been instrumental in safeguarding sensitive data while helping us optimize costs,” says Abraham Ingersoll, chief information security officer (CISO) of The Hut Group (THG), a customer of Unbound.

“AI is projected to reach $4.8 trillion in market value for the enterprise by 2033 globally — but without proper guardrails, that value is at risk. From shadow models to data leaks, the dangers of unmanaged AI are very real.  

“We are excited to back Rajaram Vignesh and the Unbound Security team as they create a new category of AI infrastructure: one built for safety, observability and cost discipline from day one,” said Edith Yeung, general partner at Race Capital. 

“We’re proud to back Rajaram, Vignesh, and the team building a new category of AI infrastructure, one that makes enterprise adoption safe, observable, and cost-efficient from day one.”

Unbound is just getting started. The team plans to expand integrations across the AI ecosystem, deepen model routing capabilities, and support internal model orchestration for enterprises adopting open-source LLMs. Their mission is simple: to ensure every organisation can embrace AI without losing control in the process.

Other investors in the round included Alpha Square Group, Northside Ventures, Liquid2, Pioneer Fund, Scale Asia Ventures, SBXI and notable angels including Ram Shriram (founding board member at Google), Dr Trishan Panch (CSO LuminHealth), Dr John Brownstein (chief innovation officer, Boston Children’s Hospital), Taro Fukuyama (CEO, Fond), Eli Brown (CEO, Guilded, acquired by Roblox), Chris Siakos (CEO Sinefa, acquired by Palo Alto Networks), Joe Vadakkan (CISO, Ex- CRO), Zain Rizavi (Cloudflare, Ridge VC), Finbarr Taylor (CEO, Shogun) alongside other silicon valley and cybersecurity veterans.