The holiday season can be a lucrative time for cybercriminals. Not only does malicious online activity increase in the retail and consumer space, but attackers also take advantage of non-retail businesses that shut down for the festive period.

Author: Johnty Mongan


In the run-up to Christmas, online retail sales spike, delivery services go into overdrive, and the use of online platforms in areas such as travel and banking tends to increase. This uptick in digital activity can be the ultimate gift for hackers because it provides more opportunities to target businesses and consumers through phishing emails, spoofed websites, and other methods of attack. For example, ransomware attacks increase by 30% during the holiday season compared to the monthly average, according to a report by Darktrace, a UK-based cybersecurity company [1].

It doesn’t matter to a hacker if you are a global organisation, a charity, or a small business. Neither do they care that it’s the season of goodwill. The most important thing to them is how easy it is to infiltrate your network. Here are just a few potential scenarios of how cyber threat actors could hack the holidays:

What if…

…presents are held to ransom?
In January 2023, Royal Mail was the target of a ransomware attack by criminal group LockBit, which threatened to publish the stolen information online [2]. The company was temporarily unable to send letters or parcels abroad, causing significant disruption and compounding the usual post-Christmas delays. The incident resulted in losses totalling millions of pounds.

…flights are grounded?
In August 2023, a National Air Traffic Control Services (Nats) outage resulted in the closure of UK airspace for several hours, affecting thousands of travellers. Although not the work of a cyber-attacker, it raised questions over the vulnerability of flight-planning technology [3]. Just over two months later, the criminal group UserSec launched cyber-attacks on Manchester and Gatwick airports [4], with a distributed denial-of-service (DDoS) attack bringing down Manchester Airport’s website for a short time [5].

…employees don’t get their Christmas pay packet?
In April 2023, the UK and Ireland division of HR and payroll giant SD Worx was hit by a massive cyber-attack, leaving millions of employees across 82,000 companies unable to receive their payroll and wages during the subsequent outage [6].

As you can see from these examples — all of which occurred within the last 12 months — cybercriminals are spoilt for choice regarding how to attack and disrupt businesses and their customers.

When businesses slow down, cybersecurity should ramp up

While we might typically associate increased cybercrime with the retail sector at Christmas, organisations in the non-retail space should not be complacent. End-of-year employee fatigue combined with a period of office shutdown or skeleton staff can be equally beneficial for cybercriminals.

During this time, especially with a reduced IT staff, alerts about identified vulnerabilities or new patches that require immediate implementation might only be acted upon after 1 January. This window of opportunity can mean that if an attack is successful, there may be a significant delay between the incident and its discovery. In the event of a data breach, this could lead to serious consequences, as time is of the essence for damage limitation.

Here are some key IT considerations for the countdown to the Christmas break:

  • Keep your systems up-to-date
    Check your firewall, anti-virus software, and data backup. Ensure systems are appropriately patched and running the most up-to-date versions of software. Conduct a pre-holiday audit to validate the latest infrastructure updates and fix vulnerabilities. Diligence in applying vulnerability patches should be as robust during the holidays as the rest of the year.
  • Conduct phishing simulation training
    Phishing emails have become even more sophisticated with the arrival of AI, which cyber-attackers are now using to produce more professional and authentic-looking messaging. This places even greater importance on phishing simulation training to help employees learn to identify malicious emails, links, and attachments, and safe ways to verify the identity of legitimate senders.
  • Implement a zero-trust architecture
    Based on the principle ‘never trust, always verify’, a zero-trust architecture limits privileges and requires all actors within a network to be authenticated before being able to access data. In other words, it authenticates and authorises every interaction between a network and a user/device rather than allowing them to move freely within the network once granted access. In this way, a zero-trust environment can not only help prevent cyber-attacks but also lessen the impact if an incident occurs.
  • Review your cyber response plan
    A cyber response plan ensures that everyone knows what they must do should a cyber incident occur, helping prevent delays in trying to organise a team to fix the problem and/or manage a data breach. When you have a detailed plan in place, you can make alterations to accommodate staffing changes over the holiday period, including having a response team that is available 24/7.

Remember, we are here to support our clients in proactively managing cyber risk all year round. To help achieve this, we offer a package of cybersecurity services, including vulnerability scanning, penetration testing, phishing simulation training, and incident response planning.

Please get in touch with the team if you would like to know more. We wish you a safe and happy festive break.


The sole purpose of this article is to provide guidance on the issues covered. This article is not intended to give legal advice, and, accordingly, it should not be relied upon. It should not be regarded as a comprehensive statement of the law and/or market practice in this area. We make no claims as to the completeness or accuracy of the information contained herein or in the links which were live at the date of publication. You should not act upon (or should refrain from acting upon) information in this publication without first seeking specific legal and/or specialist advice. Arthur J. Gallagher Insurance Brokers Limited accepts no liability for any inaccuracy, omission or mistake in this publication, nor will we be responsible for any loss which may be suffered as a result of any person relying on the information contained herein.