Do Cyber Attacks Increase in the Holidays?
01 December 2025
Do Cyber Attacks Increase in the Holidays?
Yes, cyber Attacks on businesses increase by about 30% during public holidays such as Christmas and UK Bank Holidays, and even over times when it is common for more people to be off work (such as during the summer).
Public holidays are usually a time for businesses to slow down, with fewer (and on some occasions, no) staff working and many operations on hold. Unfortunately, this makes businesses prime targets for cyber criminals.
A study by DarkTrace found that cyber attacks, especially ransomware, rise by about 30% during public holidays and weekends. This happens because businesses are often less prepared, have nobody on hand to monitor their critical systems and data, or even just let their guard down to potential threats, giving attackers more opportunities to strike unnoticed.
Additionally, if an attack occurs when no one is around to spot it and businesses do not have adequate monitoring in place, the damage caused to the business could be much more severe, allowing cyber criminals to take full control and access all of your sensitive business data.
Did you know?
The average downtime that a business experiences following a ransomware attack is about 21 days. Many businesses experience lasting effects for up to a year (or more) following a successful attack, causing even more harm.
Story Time
Here is a cautionary tale; we will remove names for the privacy of the business in question, but this highlights a perfect example of cyber criminals taking advantage of a business unprepared to tackle cyber threats during public holidays.
In November 2020, a manufacturing business (37 employees) that operates 24/7 approached us to discuss its IT and cyber security needs. We went out to speak with them, even doing a full cyber security assessment and network audit, identifying several key high-priority vulnerabilities. We quoted them in early December of the same year; however, the business questioned their need for cyber security as they believed they were not big enough to be targeted in a cyber attack. We explained that SMEs account for 81% of all cyber attacks and data breaches and that the majority of cyber attacks occur during public holidays when businesses are less prepared to deal with the consequences. Regardless, they decided to instead wait until January and review the quote with all decision-makers in the business to assess if they wanted to proceed with the quote.
Fast forward a couple of weeks to 3 AM on Christmas morning... Our out-of-hours line received a panicked call from one of the executives who was working the night shift, preparing the business to be closed for 48 hours to allow employees to spend time with their families on Christmas Day & Boxing Day (little did they know it would be slightly longer than this), stating that they were experiencing a cyber security emergency (Ransomware Attack). Their server and all its data were completely inaccessible, and all their online devices were infected.
Even though at this time they were not customers, our Cyber Security Operations Centre acted quickly to be able to mitigate the effects of the attack, isolating affected systems, and installing tools to be able to attempt to restore business data. Thankfully, even with it being Christmas Day, our CSOC and 24/7 IT Support Desk were able to work with the business to be able to recover and restore critical operations over a period of 5 days and were able to restore non-essential business systems over an additional 7 days (12 total), ensuring that they had new systems and solutions in place to be able to prevent further attacks.
Needless to say, they did sign off the quote and in 2023 resigned for a further 3 years after also growing to a team of 73, where we have worked closely with the business to put digital transformation projects in place and help them to achieve their business growth goals.
What are the main dangers?
During public holidays, businesses often face several types of common cyber threats. Data breaches and/or ransomware are some of the largest, where cyber criminals will steal and/or encrypt your business data demanding often large sums of money to get it back.
Phishing attacks are another common risk that businesses face during the holidays. Cyber criminals will often send emails or messages that may look legitimate but are designed to get your employees to download malicious files, enter personal data (such as email addresses and passwords), change banking details, and more. With fewer employees working, and those that are often focusing less on their daily tasks due to reduced staffing levels or the lighter atmosphere of the holidays, this drop in vigilance can often lead to data and security breaches. Similarly, employees—intentionally or accidentally—may often misuse sensitive information when there’s less oversight.
Additionally, it is often common for cyber criminals to attempt to gain access to a business network leading up to public holidays, probing and moving around a network, and waiting for a public holiday when businesses let their guard down to launch their attacks. We once had a prospective customer call our out-of-hours line at 3 AM on Christmas morning in a panic where cyber criminals had launched an attack on their network.
How can your businesses stay safe?
Protecting your business all year round does not have to be a daunting task. Our comprehensive cyber security solutions are designed to protect your business from evolving cyber threats. Much like hour home alarm and/or CCTV protects your property when you are away from the house, our 24/7 cyber security operations centre (CSOC) is manned by cyber security professionals who not only monitor for even the smallest signs of cyber threats, they also actively hunt out potential threats, look for security holes in your infrastructure, and keep you protected, even when you are not in the office. This ensures that even when less staff are around, there’s always someone—or something—watching for potential threats.
Did you know that in 2023 only 31% of businesses undertook a cyber security audit on their business to see if they have the modern and comprehensive solutions in place to keep them protected from evolving threats? These audits not only check if you have the right solutions in place but also probe for weak spots in your systems and help fix them before criminals can exploit them. It is especially important to conduct these checks before a holiday period, ensuring your defences are up to date.
Not had an audit recently?
If you have not had a cyber security audit in the past 12 months, fill out the form below and we can conduct a thorough audit on your entire infrastructure to monitor for all potential threats.
Keep your business secure from potential threats during the holidays
Cyber Security Training: Training employees to spot phishing emails and other scams that often increase during holiday seasons could be the difference between someone accidentally opening a malicious attachment that wreaks havoc on your business or staying safe. Even a simple training session can dramatically reduce the risk of human error leading to a cyber attack. Find more about the human risks in cyber security in this article.
Multi-Factor Authentication (MFA): With MFA, even if an attacker gets hold of a password, they still need a second (or even a third) piece of information or access to a specific authorised device to access your systems, making it much harder for them to break in.
Be prepared for the worst: Always back up your critical business data, cyber attacks evolve every day and if your business falls victim to a cyber attack, especially if you do not have the necessary solutions in place to keep you protected. Backups such as Immutable Backups are an essential part of any business cyber security, disaster recovery and business continuity plan and should be something that every business should have.
Are you prepared?
The best way to ensure your business is protected during the next public holiday is to take our FREE Cyber Security Health Check now. With this audit, we will help you understand where your business might be vulnerable and what you can do to improve your defences and keep you protected from potential threats. It’s a simple step that could save your business from a costly and damaging attack.
Fill out the form below to schedule your health check and ensure your business stays safe, no matter what the holiday season brings.