Global Study Finds Ransomware Attacks Target Weekends, Holidays and Mergers Amid Declining Cybersecurity Coverage
Ransomware attacks are rising during weekends, holidays and mergers as understaffed SOC teams leave gaps. The study highlights urgent needs for 24/7 cybersecurity, stronger identity security, and enhanced ransomware protection across global organisations.
Tech Author
A new global study has revealed that most ransomware attacks are planned during weekends, holidays and major corporate events. Attackers choose these times because organisations usually have fewer cybersecurity staff available, making it easier to break into systems and cause damage. The survey covered 1,500 IT and security professionals across 10 countries. It found that 52% of ransomware incidents in the past year happened during weekends or holidays. The data shows a clear pattern: cybercriminals strike when security teams are understaffed and response times are slower.
The report states that during these high-risk times, 78% of organizations reduced the number of employees in their Security Operations Centers (SOCs) by at least half. Even more troubling, 6% have no SOC coverage outside typical business hours. Attackers also target companies during times of significant change, like layoffs, IPOs, mergers, and acquisitions. According to the survey, almost half of ransomware attacks happened after a merger or acquisition, and 60% of attacks happened after such corporate events. Because of the uncertainty and distractions these events cause, fraudsters have an ideal chance.
Attackers take advantage of periods of minimal staffing, as demonstrated by real-world incidents. Just before the distribution of new car registrations, on a Sunday, the Jaguar Land Rover attack started. On a Friday night, Collins Aerospace experienced another significant problem that caused major airports, including Heathrow, to experience operational disruptions.
The study also looked at identity security, an important part of ransomware defence. While 90% of organisations have ITDR (Identity Threat Detection and Response) plans, only 45% include actual remediation steps, and just 63% have automated recovery tools. This gap leaves many companies exposed. Overall, the findings highlight that ransomware groups are becoming more strategic. They monitor corporate schedules, news updates and public timelines to strike when security controls are weakest. Industries like finance, manufacturing, healthcare and critical infrastructure are especially vulnerable.
The report reinforces the need for 24/7 cybersecurity monitoring, stronger incident response planning and better identity protection to reduce the growing risks of ransomware attacks. These insights make one thing clear is that cybercriminals are watching, waiting and striking with precision. As organisations continue to grow and evolve, keeping security teams active during high-risk periods is no longer optional, it’s essential for protecting data, operations and customer trust.
Information referenced in this article is from Security Brief
