Semperis reports increased ransomware attacks during holidays and corporate events

A recent global study by Semperis identified that ransomware incidents frequently take place during periods of lower cybersecurity coverage, particularly holidays, weekends, and major organizational events.

The findings emphasize a correlation between reduced security operation center (SOC) staffing and increased ransomware activity. Many organizations decrease SOC personnel during these times, while ransomware groups exploit the associated operational distractions during events such as mergers and layoffs.

The study outlined that 78% of companies reduced SOC staffing by at least half on holidays and weekends, with 6% fully suspending coverage during those intervals. It also revealed that 60% of attacks occurred following significant corporate changes, especially mergers or acquisitions.

Regarding response strategies, the report noted that 90% of identity threat detection and response (ITDR) plans focus on identifying system vulnerabilities. However, less than half include remediation measures, and 63% automate recovery processes from identity system compromises.

Chris Inglis, Semperis Strategic Advisor and former U.S. National Cyber Director, said, “Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long lasting business disruptions. In addition, corporate material events such as mergers and acquisitions often create distractions and ambiguity in governance and accountability—exactly the environment ransomware groups thrive on.”

The companies surveyed were located across the U.S., UK, France, Germany, Italy, Spain, Singapore, Canada, Australia, and New Zealand. The study's data underscores organizational adjustments in security staffing and response plans corresponding with periods of operational vulnerability.