Digital Risk: Enterprises Need More Than Cyber Insurance
Threatonomics

Cybercrime Takes No Vacations

And Neither does Cyber Resilience

by Brian Bochner , VP, Marketing
Published

Threat actors are opportunistic. 

Research by Darktrace in 2021 observed that cybercrime increased by 30% over the holidays compared to a monthly average. This was represented within Resilience’s internal data in 2021; notices increased by 4x in the month of December and 2x in October and November compared to our monthly average. 

However, Resilience’s internal data shows that as of 2022, cybercrime has become less seasonal and more consistent month over month

While in the past we have recognized a spike in cybercriminal activity over the holidays, Resilience’s data shows that claims notices in 2022 and 2023 are more contingent on geopolitical forces and large-scale incidents than on the time of year. 

The most active months for cybercrime in 2022 within our portfolio were May, June, and December. The fallout of the Russian invasion of Ukraine in February 2022 led to a dip in late winter, followed by an increase in cyber activity in late Spring/early Summer. In line with traditional trends, December 2022 remained one of the most active months. However, instead of a 4x increase on the month-to-month average, December 2022 saw less than 2x more cyber attacks than the monthly average. 

Given that data indicates cybercrime has a less seasonal correlation, it is always important to maintain best security practices and vigilance when the workforce is out for vacation. To help organizations keep their networks safe while enjoying the holiday season, Resilience has compiled this list of traditionally seasonal cybersecurity challenges and corresponding strategies to avoid them. 

Unsecured Network Usage 

While employees travel and work remotely, the threat of being hacked through public Wi-Fi heightens. Locations such as hotels, airports, coffee shops, and other hubs with free, unsecured Wi-Fi are hot spots for threat actors to gain unsolicited access to accounts. Several tactics can be deployed through an unsecured Wi-Fi network, such as “evil twin” attacks, password cracking, man-in-the-middle attacks, packet sniffing attacks, security vulnerabilities/misconfigurations, and more. 

To prevent any and all of these incidents, avoid using unsecured Wi-Fi networks whenever possible. If you must use an unsecured network, be sure you have a VPN installed on your devices. VPNs encrypt your data so it can’t be seen or stolen. 

Phishing Scams

Holiday phishing attempts are designed to trigger quick reactions from employees. They may appear to come from a member of leadership asking for urgent action or pose as well-known IT companies with phony security issues. Threat actors can access applications or systems once their false link is used or login credentials are entered. 

The best way to avoid phishing scams is through extensive employee training and awareness when clicking links and opening emails. Human error accounts for 88% of data breaches. Some email security systems monitor and flag suspicious emails, but these systems are not bulletproof and still require attentiveness and training. Phishing scams create a false sense of urgency to provoke someone to act quickly and without much thought. Always take the time to verify the sender of an email before clicking on any link, especially if it seems unusual or urgent. 

Ransomware 

Ransomware incidents have a massive impact on an organization’s ability to deliver value at any point in the year. However, for some industries such as manufacturers, retail, hospitality, and travel, business interruption during the holidays can significantly impact their bottom line. This pressure to deliver value and regain operationality puts even more stress on the organization to pay a ransom. 

Experiencing a ransomware incident over the holidays with a reduced workforce can lead to slower detection, longer investigation and greater damage to the organization. A ransomware study from Cybereason found that attacks occurring on weekends and holidays led to higher costs and greater revenue losses than attacks that occurred on weekdays. 

Building resilience against threats such as ransomware requires collaboration across risk management, security, and financial leadership, strong incident response strategies, and close internal monitoring. Resilience’s solution has been proven to help make clients more resilient against financial losses through extortions. Just 15% of our client base impacted by a ransomware event chose to pay an extortion fee in the first half of 2023. 

Strained Network

Depending on the industry, many organizations experience an influx of web traffic during the holidays. This influx can place IT’s focus more on the site’s experience and less on vulnerabilities or misconfigurations that may arise. But the strain on the workforce is the driving factor behind these risks. Threat actors recognize that most of the regular staff is out on vacation during the holidays, creating the prime opportunity to initiate a cyber attack that goes unnoticed until the damage has been done. 

DDoS (distributed denial of service) attacks are incredibly popular around the holidays for this reason. Overwhelming a target’s networks or servers when the IT team is already overworked and understaffed is a prime time for threat actors to instigate a DDoS incident, especially if the organization relies on its website for sales and operations. Reduce the risk of a DDoS attack by taking measures to reduce your attack surface and remain vigilant for signs of abnormal web traffic. Consider bandwidth (or transit) capacity and server capacity to absorb and mitigate potential large-scale DDoS attacks. 

Reputational Damage 

Holiday scams can impact your organization’s reputation even if threat actors do not touch your network or systems. Should threat actors invoke your organization’s name to send phishing emails or advertise false sales, the initial reaction from clients can be to assume that your organization is at fault or experiencing a breach. Experiencing an incident can lead to a lack of trust and decreased sales for the season or beyond. 

Should your company be spoofed for a phishing scam, reduce potential reputational damage by being transparent and promptly addressing and reporting the incident. Notify law enforcement and customers of the scam and provide resources to any impacted individuals.  

While incident data shows that cyber attacks are becoming less seasonal, cybercrime doesn’t take vacations. Make sure that when your team takes a break, you plan for cyber resilience. 

The Resilience Solution is designed to help security, risk management and financial leadership manage their cyber risk through enhanced security visibility combined with dynamic insurance policies. Our capabilities allow us to quickly share data around evolving market trends and offer corresponding strategies to respond effectively. 

About the Author
Brian Bochner , VP, Marketing

You might also like

New insights on the evolving threat landscape, from our 2025 Midyear Cyber Risk Report 

The cybersecurity world is experiencing an unexpected paradox in 2025. While cyber insurance claims in the Resilience portfolio dropped by 53% in the first half of the year—suggesting that organizations are getting better at preventing attacks—the financial damage from successful incidents has actually increased. Our latest 2025 Midyear Cyber Risk Report reveals that when cybercriminals […]

The seven places you should be looking when building your vendor list

In our first post, we established why comprehensive vendor discovery matters and how most organizations approach it incorrectly. Today, we’re diving into the practical mechanics: the seven data streams that can reveal vendor relationships hiding in your existing systems. The key insight is to start with data you already have rather than surveys or questionnaires. […]

How to get people to care about security when they don’t report to you

Getting executive sign-off on a new control? Hard. Getting peer buy-in on security initiatives when they don’t report to you? Harder. In modern organizations, cybersecurity professionals often find themselves in the ultimate matrix of organizational challenges: you need buy-in from every department within the organization – operations, sales, HR, and finance – but none of […]

Why vendor discovery matters now (and how most organizations get it wrong)

The average enterprise relies on hundreds—sometimes thousands—of third-party vendors to operate. Yet when security leaders are asked for a complete inventory of these vendors, the response is often a patchwork of spreadsheets, outdated procurement lists, and educated guesses. This vendor blindness isn’t just an operational inconvenience—it’s a critical business risk that’s becoming increasingly expensive to […]

The healthcare cybersecurity crisis that’s costing organizations millions in damages

The U.S. healthcare sector faces an unprecedented cybersecurity crisis. With 168 million healthcare records breached in 2023 and ransomware attacks surging 32% in 2024, the industry confronts threats that have evolved beyond data theft to sophisticated campaigns capable of paralyzing critical patient care infrastructure. Despite these trends, cybersecurity often receives insufficient leadership attention. A 2025 […]

Your cyber insurance policy could be a target

Organizations invest heavily in cyber insurance policies to shield their businesses from evolving threats, but many overlook a critical vulnerability: the security of the insurance policy documents themselves. While these policies are designed to protect you from cyber threats, they can become powerful weapons when they fall into the wrong hands. Over the past year, […]