The holiday season is here, heralding a welcome uptick in sales for small businesses. It’s also a busy time for cybercriminals.
Risk management firm RiskRecon studied 10 years of breach data and found that multiple fourth-quarter holidays including Christmas and Thanksgiving all showed a higher rate of cyberattacks than the baseline.
Here’s how small business leaders can respond:
1. Consider Cybersecurity As Essential To Growth
In fact, no IT solution is seen as more critical to growth by small-business leaders than cybersecurity — not even accounting, payment or marketing systems. Eighty percent of small business owners who participated in the latest Forbes Research Small Business Survey (fielded in March and April) rated cybersecurity as critical to growth, ranking first among 10 tools.
2. Recognize That Small Businesses Have A Larger Attack Profile
Small business leaders in the Forbes Research study reported a large year-over-year increase in having been the target of a cyberattack, up from 47% a year ago to 69% in 2025.
3. Close Gaps In Worker Training
The share of small business leaders saying their firm conducted employee training aimed at preventing ransomware or data breaches is up from 70% a year ago to 82% in 2025, the survey found.
4. Have Contingency Plans For Off-Hours Protection
Cybercriminals know to attack their targets at moments of weakness. According to the 2024 Ransomware Holiday Risk Report from cybersecurity provider Semperis, 86% of victims are targeted when staffing levels are lowest: weekends and holidays.
5. Know What To Do After An Attack
Because of the high threat volume and constantly evolving methods, attacks are common. Enough small businesses have a plan in place, however. According to the Forbes Research survey, 78% of leaders surveyed said their company is prepared to survive a sophisticated targeted cyberattack.
Take these steps and improve your chances of having a happy — and cybersecure — holiday season.