CYBER CRIMINALS EXPLOIT HOLIDAYS – HOW TO STAY AHEAD WITH INCIDENT RESPONSE

Cyber criminals are known to target victim organisations during holiday periods, and victims’ discovery and containment of the resulting cyber security and data privacy incidents typically trail the malicious activity itself. Organisations might use the new year to revisit their incident response policies and procedures and, in particular, ensure that they have resilient and secure communications plans in place.

Post-holiday impacts

Many people, including IT and security personnel, take time away from work to focus on family and friends during the winter holiday season. As the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) described in 2022 guidance, this makes holidays an attractive time for cyber criminals to target victims, because reduced staffing and limited organisational capacity can give attackers a head start on network exploitation and follow-on malicious activities.

But victims do not immediately identify and contain these incidents. Organisations surveyed in IBM’s Cost of a Data Breach Report 2025 needed 181 days on average to identify that a breach had occurred and another 60 days for containment. While IBM notes that such timelines have significantly shortened in recent years, these findings nevertheless mean that victim organisations are dealing with breaches for weeks or months after they initially occur.

With October through December a holiday-dense time on the calendar, the new year seems likely to be marked by an increase in incident response activity as organisations realise that they are victims. Data published by IT Governance Ltd., for example, showed significant increases in publicly reported breaches in January 2023 and in January 2024 compared to preceding months.

Jan-Mar 2026 Issue

Holland & Knight LLP