"A new report finds that the majority of ransomware attacks occur over weekends and holidays, but they're even more common after mergers and acquisitions. Organizations may slash staffing by 50% or more during these periods, leaving them vulnerable to attack. The analysis comes from Semperis, a global identity services and security firm that offers enterprise products including Active Directory, Entra ID, and Okta."
"The Semperis report took a more targeted approach, breaking down ransomware attacks by country and by industry. Telecom respondents said ransomware attacks occurred in the following frequency: After a material corporate event: 70% After a merger or acquisition: 53% After layoffs/redundancies: 46% After an initial public offering (IPO): 43% In the US, 53% of those attacks occurred on a weekend or holiday. Chris Inglis, the first U.S. national cyber director, told Semperis that ransomware attacks are designed to hit businesses when they're most vulnerable."
Majority of ransomware attacks occur over weekends and holidays, and frequency rises after mergers, acquisitions, layoffs, IPOs, and other material corporate events. Semperis analyzed responses from 1,500 security and IT leaders across 10 countries and eight industry sectors to measure timing, staffing, and identity threat detection and response. Ransomware incidents in 2025 were slightly down year-over-year, while overall cyber events grew sharply, with Comcast reporting 35 billion cybersecurity events and rising volume and velocity. Telecom respondents reported attacks after material corporate events (70%), after mergers/acquisitions (53%), after layoffs (46%), and after IPOs (43%), and 53% of US attacks occurred on weekends or holidays. Organizations often slash staffing by 50% or more during these periods, and 75% of telecom firms reduce staffing, creating governance ambiguity and increasing the likelihood of quick ransom payments to restore operations.
Read at Telecompetitor
Unable to calculate read time
Collection
[
|
...
]