Holiday Risk Report

The festive season is meant for joy, family, and gift giving. But for cybercriminals, December is one of the busiest times of the year. As employees switch off for the holidays, cyber risk switches on. For organisations, this is a direct threat to operations, supply chains, and revenue.

Holiday Cyber Risk: Why Cybercrime Spikes in December

  1. Reduced Vigilance Creates Operational Blind Spots

Cyberattacks increase by 30% during public holidays when fewer people are monitoring systems, and 72% of companies report being hit by ransomware during a holiday or weekend.

With skeleton IT teams and understaffed Security Operations Centres, attackers benefit from longer dwell times and slower incident response, making December a prime opportunity for exploitation.

  2. Ransomware Activity Intensifies

Ransomware operators take advantage of organisational downtime, knowing that businesses depend heavily on uptime for seasonal revenue and may pay quickly to restore operations. Darktrace observed a 70% increase in ransomware attempts in November–December compared to January–February, highlighting how threat actors time their campaigns to maximise leverage.

  3. Phishing & Spoofing Surge

Cybercriminals exploit seasonal themes, shopping spikes, and busy end-of-year workloads to trick staff into clicking malicious links or opening fraudulent emails. Finance teams are targeted with spoofed invoices, procurement departments receive fake delivery updates, and executives face urgent impersonation emails.

Attackers also deploy typosquatting domains that mimic legitimate retailers and suppliers, preying on rushed end-users. Last year, Christmas-themed phishing rose 327%, while Black Friday/Cyber Monday lures surged 692% compared to early November.

  4. Supply Chain Dependencies Become Weak Links

Vendors, SaaS providers, and logistics partners often operate with reduced staffing during the holidays, resulting in slower SLAs, delayed incident communication, and patch freezes that widen the attack surface. A compromise via a partner can be just as damaging as a direct breach, and December’s operational slowdown amplifies this risk.

  5. Human Error, Distraction & Fatigue

End-of-year deadlines, holiday planning, and general fatigue create the ideal conditions for mistakes. Accidental data exposures rise sharply in December, particularly when tasks are rushed or performed by unsupervised staff. Privileged access errors and misdirected emails also become more common, increasing the likelihood of business compromise.

  6. Travel & Unsecured Networks

Staff working remotely or travelling during the holiday period often connect through public Wi-Fi in airports, hotels or cafés, while many also use personal devices. These unsecured networks introduce new entry points into corporate systems, and sensitive data taken offsite becomes far more vulnerable to interception.

  7. AI-Driven Scams Scale Faster

Cybercriminals now use AI to create highly convincing phishing emails, deepfake websites, spoofed brands, fraudulent invoices, fake executive communications and near-perfect identity documents. According to the latest RH-ISAC report, fraud and automated bot attacks have risen sharply, with fraud now considered the most widespread holiday threat. Fake merchant websites and automated account takeovers are expected to surge in 2025, accelerated by generative AI and increased bot traffic.

  8. Financial Impact

The reputational and financial consequences of cyber incidents are magnified during peak trading periods, when customer activity is highest. During the festive season, UK consumers lose an average of £1,000 each to online scams. For businesses, the stakes are far more severe: global ransomware demands now average £1.4 million, and downtime during peak trading can cost retailers and logistics companies millions in lost revenue.

Reducing Holiday Risk: What Organisations Can Do to Protect Themselves

  1. Strengthen Monitoring & Detection
  • 24/7 Security Operations Centre (SOC) coverage: Cyberattacks spike during holidays, so continuous monitoring is essential.
  • Holiday surge alerts: Configure SIEM/SOAR systems to flag anomalies during weekends and public holidays.
  • Threat intelligence feeds: Sign up for alerts that warn your industry about current scams and attacks, so you know what’s coming and can prepare before they hit.
  2. Run Holiday Readiness Simulations
  • Phishing drills: Test staff with seasonal lures (fake delivery emails, Black Friday offers).
  • Tabletop exercises: Simulate ransomware or supply chain compromise with reduced staffing.
  • Red team engagements: Validate how quickly your organisation detects and escalates incidents during skeleton crew periods.
  3. Harden Access & Authentication
  • Mandatory MFA: Enforce across all accounts, especially privileged and remote access.
  • Conditional access policies: Block logins from risky geographies or untrusted devices.
  • Privileged access management (PAM): Rotate credentials before holiday breaks to reduce insider risk.
  4. Secure Remote & BYOD Usage
  • VPN enforcement: Require encrypted tunnels for all remote connections.
  • Mobile device management (MDM): Apply policies to personal devices used for work.
  • Travel advisories: Educate staff on the risks of public Wi-Fi in airports and hotels.
  5. Patch & Update Proactively
  • Pre-holiday patch freeze: Ensure critical systems are updated before December.
  • Third-party risk checks: Confirm vendors and SaaS providers have applied patches.
  • Automated patching: Reduce reliance on manual updates during low staffing.
  6. Strengthen Supply Chain Security
  • Vendor communication plans: Ensure partners can escalate incidents quickly, even during holidays.
  • Third-party monitoring: Use tools to track vendor domains for spoofing or compromise.
  • Contractual SLAs: Build in holiday period response expectations with MSPs and suppliers.
  7. Build Human Resilience
  • Seasonal awareness campaigns: Train staff to spot fake delivery emails, spoofed invoices, and urgent payment requests.
  • Fatigue management: Encourage realistic workloads to reduce end-of-year mistakes.
  • Clear escalation paths: Ensure staff know who to contact if suspicious activity occurs while managers are out of office.
  8. Stress Test Incident Response
  • Holiday-specific playbooks: Document escalation when key staff are unavailable.
  • Cross-team coverage: Assign backups for critical roles (SOC, IT, finance).
  9. Leverage AI & Automation Defensively
  • Automated phishing detection: Use AI to flag suspicious seasonal campaigns.
  • Behavioural analytics: Spot anomalies in user activity during reduced staffing.
  • Automated containment: Quarantine suspicious endpoints without waiting for manual approval.
  10. Protect Financial Transactions
  • Dual approval for payments: Require two-person verification for invoice changes or supplier updates.
  • Banking alerts: Enable real-time notifications for unusual transfers.
  • Fraud detection tools: Deploy machine learning to spot anomalies in vendor payments.
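
One way to screen for the typosquatting domains described earlier and to act on the "third-party monitoring" recommendation is to compare sender domains against an allow-list of real suppliers. The following is an added example, not code from this report; the supplier domains, the observed domains, the substitution table and the distance threshold are all constructed assumptions.

```python
import unicodedata

# Constructed allow-list of supplier domains (placeholders on the reserved .example TLD).
TRUSTED = {"acme-logistics.example", "northwind-payments.example"}
# Common visual substitutions in lookalike domains, folded to one canonical form.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(domain: str) -> str:
    """Reduce a domain to a canonical form so visually similar strings collide."""
    d = domain.strip().rstrip(".").lower()
    try:  # decode punycode (xn--) labels so IDN lookalikes are compared as Unicode
        d = d.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    # Strip accents ('é' -> 'e'), then fold substitutions and hyphens.
    d = "".join(c for c in unicodedata.normalize("NFKD", d) if not unicodedata.combining(c))
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d.replace("-", "")

def levenshtein(a: str, b: str) -> int:
    # Classic edit distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, max_distance: int = 2):
    """Return (verdict, matched trusted domain or None)."""
    plain = domain.strip().rstrip(".").lower()
    if plain in TRUSTED:
        return ("trusted", plain)
    skel = skeleton(plain)
    for good in sorted(TRUSTED):
        if levenshtein(skel, skeleton(good)) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sender domains, as they might be extracted from a mail gateway log.
OBSERVED = ["acme-logistics.example", "acme-1ogistics.example", "acrne-logistics.example",
            "northwind-payment.example", "contoso-mail.example"]

def flagged(domains=OBSERVED):
    return [(d, classify(d)[1]) for d in domains if classify(d)[0] == "lookalike"]

if __name__ == "__main__":
    print(*(f"LOOKALIKE {d} imitates {t}" for d, t in flagged()), sep="\n")
```

A threshold of 2 suits long supplier names; short domains need a tighter limit to keep false positives down.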

For cybercriminals, the holidays are not a quiet period—they’re a strategic advantage. Reduced staffing, increased digital activity, and human distraction create the perfect environment for attacks.

For the latest information on how you can protect yourself from cyberattacks, go to our resources.

Holiday Risk FAQs for Businesses

What is holiday risk for businesses?

Holiday risk refers to the increased threat of cyberattacks, fraud, and operational disruption that businesses face during December, when staffing is reduced and online activity rises.