CFOtech UK - Technology news for CFOs & financial decision-makers
UK businesses at higher risk of ransomware on holidays

Today

Research by Semperis has revealed that UK businesses are particularly vulnerable to ransomware attacks during holidays and weekends due to understaffed security operations.

Cyber criminals are increasingly targeting these periods to exploit reduced staffing levels, according to the findings. The research found that over 50% of UK organisations have inadequately staffed their security teams outside regular working hours, resulting in a higher risk of attacks. Dan Lattimer, Area Vice President at Semperis, commented, "Cyber threats don't take a holiday. In fact, attackers are exploiting quieter times when they know they may be more successful – using periods of understaffed security operations to their advantage. Our research report is an urgent wake-up call that you can never take your eye off the ball; the threat to business, critical infrastructure and consumers is constant."

The report highlighted that 72% of UK organisations surveyed experienced ransomware incidents during holidays and weekends, mirroring trends in the United States and France. In the US, 70% of respondents reported similar experiences, whereas in France, the figure reached 81%. These statistics point towards a global pattern of cyber attacks occurring during times when companies are most vulnerable.

The study encompassed feedback from nearly 1,000 security professionals across various industries. Findings showed that sectors such as finance and manufacturing are particularly susceptible, with 78% of respondents from the financial sector and 75% from manufacturing and utilities reporting incidents during weekends and holidays.

Despite ongoing risks, more than half of UK companies admitted that their Security Operations Centre (SOC) is only partially staffed during weekends and bank holidays. Alarmingly, one in twenty organisations do not staff their SOC at all during these times. Some UK respondents with a 24/7/365 SOC revealed it operates at only 25% capacity during these periods, potentially increasing the susceptibility to cyber threats.

The report cites notable examples of high-profile cyberattacks occurring during periods of reduced security staffing. In the US, the Colonial Pipeline ransomware attack, which coincided with Mother's Day, disrupted fuel supply. In the UK, a 2023 cyberattack on the payroll provider Zellis took place over a weekend and affected numerous British Airways, Boots, and BBC staff. Additionally, an attack on Transport for London, which commenced on a Sunday, underscored the growing threat to public infrastructure.

Simon Hodgkinson, Strategic Advisor at Semperis, emphasised the need for consistent security vigilance, stating, "It's high time businesses realised that cyber threats are present around the clock. The stark reality is that they are much more vulnerable when their SOC isn't fully staffed. In addition, securing business-critical infrastructure such as core identity systems should be at the top of every organisation's priority list – not an afterthought. It is worrying to see that so many organisations don't allocate enough time, budget and resources to protecting their most vulnerable assets."

The research also revealed concerns about identity-related cyberattacks, with a quarter of UK respondents expressing a lack of confidence in their organisation's capacity to defend against such threats. Furthermore, 22% of UK businesses have no identity recovery plan in place, posing additional risks should an attack occur.

Hodgkinson further stressed the necessity of continuous security oversight by suggesting that organisations rotate security team responsibilities to ensure adequate staffing throughout the week. He noted, "You really need to have someone on call all the time. Security teams could rotate responsibility with some employees taking weekdays off to ensure adequate staffing levels. In addition, organisations must have solid emergency procedures in place, with a tried and tested incident response plan that allows them to contain threats and restore operations quickly should an attack happen – regardless of whether the attacker strikes on a Sunday or a Tuesday."
