Holiday and weekend gaps leave critical infrastructure open to ransomware attacks
A new report from Semperis found that while the overall frequency of ransomware attacks has declined, the timing of those incidents remains a serious concern. More than half of the respondents who said they had been targeted reported that the attack hit during a weekend or holiday, when staffing is thin and response times slow. An even larger share said the intrusion followed a major corporate event, such as a merger or acquisition, when networks are in flux and defenses can be stretched. The study makes one thing clear: most ransomware actors still strike when organizations are at their most vulnerable.
Titled ‘2025 Holiday Ransomware Risk Report,’ Semperis disclosed that 52% of surveyed organizations in the U.S., UK, France, Germany, Italy, Spain, Singapore, Canada, Australia, and New Zealand were targeted on holidays or weekends. Alarmingly, 78% of companies cut security operation center (SOC) staffing by 50% or more during holidays and weekends, while 6% cut their SOC staffing entirely during these same times. 60% of attacks occurred following an IPO, merger or acquisition, or round of layoffs.
“Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long-lasting business disruptions,” Chris Inglis, the first U.S. National Cyber Director and Semperis strategic advisor, mentioned in a Monday media statement. “In addition, corporate material events such as mergers and acquisitions often create distractions and ambiguity in governance and accountability—exactly the environment ransomware groups thrive on.”
Read more at Industrial Cyber