Why Hackers Love Christmas as much as the rest of Us

Over the past year, several well-known British retailers and their technology partners have suffered disruptive cyber incidents that have hit online orders, distribution centres and even share prices.  

Criminals know this season is critical for retail and they time their activity to generate maximum pressure on businesses.

Why the risk rises at Christmas

Bad actors see Christmas as a great time to exploit people and businesses, with phishing scams pretending to be festive marketing, and rises in personal delivery SMS scams as well. We’ve also seen evidence that over recent years ransomware attacks start to steadily increase from October, peaking in December, with a significant drop-off in the January.  

During the festive period, transaction volumes surge, staff are stretched and supply chains run at full capacity. Attackers wait for exactly this moment because a single compromise can cause disproportionate disruption.

Recent coverage shows that retail has seen a noticeable rise in ransomware attacks this year, with several British retailers affected as criminals focus on online checkout systems and payment platforms. InfoSecurity Magazine reported that publicly disclosed ransomware attacks targeting the global retail sector grew by 58% in Q2 2025, compared to Q1, with UK-based firms being significant victims of this targeting.

Furthermore, a UK survey highlighted by The Guardian found that almost a third of procurement managers had seen companies in their supply chains hit by cyberattacks, which again shows just how exposed retailers are through their partners.

Supply chain exposure

It is not only retailers that face risk at this time of year. Suppliers, logistics firms and delivery networks are also being targeted. A single weak link can cause operational delays across an entire festive operation.

Last year, we saw the ransomware attack on supply chain technology provider, Blue Yonder, which disrupted supermarket warehouse and delivery operations ahead of the Christmas season. This was a clear reminder of how quickly problems can cascade across an entire supply chain at this time of year.

Other incidents this year have shown how attacks on manufacturers and service providers have forced retailers to pause fulfilment or switch to manual processes while systems were being repaired.

Immediate impact of business

If ransomware or account compromise lands during peak trading periods, the impact is immediate. Lost sales, delayed deliveries and disappointed customers all pile up – and fast.

Earlier in the year we saw this when a major British retailer had to pause online orders and food deliveries after a cyber incident, causing significant financial impact and operational disruption.

What makes the difference

Calm and experienced incident responders can help you to contain a problem quickly and reduce the spread of damage.

Strong legal preparation is also crucial. Clear contracts, well-structured SLAs and appropriate insurance all ensure that you can manage suppliers, regulators and customers confidently during a cyber incident.

Preparation is vital. Rehearsed response plans, confirmed backups, supplier risk checks and staff awareness sessions make a crisis manageable rather than catastrophic.

Don’t invite hackers to the party

It’s easy to be distracted at this time of year – but hackers are counting on this seasonal pressure. With readiness, expert support and strong supplier oversight, you can protect your operations, revenue and reputation throughout the festive period.

This Christmas, focus on delivering for your customers while at the same time ensuring your cyber defences are as robust as they can be.