NEW Semperis Study Reveals that the Majority of Ransomware Attacks Continue to Occur During Holidays and Weekends

Organizations should prepare for a surge in ransomware attacks during holidays, weekends, and major corporate events, when cybersecurity staffing is its weakest.

HOBOKEN, N.J. , Nov. 24, 2025 /PRNewswire/ -- Semperis, a leading provider of AI-powered identity security and cyber resilience, today released results from a global ransomware study underscoring that the majority of ransomware attacks continue to occur on holidays and weekends, when cybersecurity staffing is reduced. In addition, the study shows ransomware groups also intensify their attacks during corporate material business events, including mergers, acquisitions, IPOs, and layoffs, to exploit organizational disruption and reduced security focus.

"Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long lasting business disruptions," said Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor. "In addition, corporate material events such as mergers and acquisitions often create distractions and ambiguity in governance and accountability—exactly the environment ransomware groups thrive on."

The report, titled 2025 Holiday Ransomware Risk Report, found that 52% of surveyed organizations in the U.S., UK, France, Germany, Italy, Spain, Singapore, Canada, Australia and New Zealand were targeted on holidays or weekends. Alarmingly, 78% of companies cut security operation center (SOC) staffing by 50% or more, during holidays and weekends, while 6% cut their SOC staffing entirely during these same times. 60% of attacks occurred following an IPO, merger or acquisition, or round of layoffs.

Key Ransomware Report Findings

Reasons for reducing SOC staffing on holidays and weekends.
62% of organizations want to provide employees with work/life balance, 47% reported their business is closed on holidays and weekends and 29% did not think they would be attacked.

Ransomware gangs will attack during corporate material events.
60% of ransomware attacks took place after a material corporate event and of those attacked after such an event, 54% of companies reported being targeted following a merger or acquisition.

ITDR plans prioritize detection over response and recovery.
Identity threat detection and response (ITDR) plans gain traction, with 90% of respondents reporting that their plans detect identity system vulnerabilities. However, only 45% of plans include remediation procedures, and only 63% automate identity system recovery.

The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at: https://www.semperis.com/ransomware-holiday-risk-report

For more information about how Semperis helps global organizations improve cyber resilience, visit the Semperis Identity Resilience Platform page: at https://www.semperis.com/identity-resilience-platform/.

About Semperis
Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects over 100 million identities from cyberattacks, data breaches, and operational errors.

As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries. 

Learn more: https://www.semperis.com
Follow us: Blog / LinkedIn / X / Facebook / YouTube

Media Contact:
Bill Keeler
Senior Director, PR & Comms
Semperis
[email protected]

SOURCE Semperis