EXCLUSIVE: Cyber incidents peak during holidays
December is a busy month for shoppers — and online criminals.
A survey of 505 business owners exclusively released to Chain Store Age from secure web hosting provider Liquid Web found that 64% identify December as their peak sales month. But a leading 39% also cite December as the busiest month for cyber incidents. The survey assessed respondents’ cybersecurity readiness.
On average, respondents have faced three cyber incidents during the peak holiday shopping months of October through December, but 24% have experienced five or more. The individual holidays where respondents report having dealt with cyber incidents include:
- Black Friday/Cyber Monday: 26%
- Christmas: 25%
- New Year’s: 12%
- Thanksgiving: 8%
- Halloween: 7%
On average, the survey indicates it takes just over 10 hours to respond to a cyber incident during holiday shopping. During peak shopping months, 28% of respondents have had to deploy emergency patches, which involves fixing vulnerabilities in software to address security gaps as a reactive approach.
The survey also examined respondent experiences with cybersecurity outside of the peak holiday shopping season. In the past year, one in two have suffered phishing attacks, and almost three in four (73%) report facing at least one cyber threat.
These incidents can be costly, with respondents anticipating an average revenue loss of $147,848 if a significant cybersecurity issue arises during a peak shopping month. Beyond financial impacts, 12% of respondents noted long-term damage to customer loyalty and trust following recent cyber incidents.
The survey also revealed the following findings in a number of cybersecurity areas:
Most common cybersecurity vulnerabilities
- Outdated software and systems: 36%
- Weak authentication protocols: 33%
- Lack of employee cybersercurity training: 32%
- Insufficient data encryption: 28%
On average, respondents reported a revenue loss of $20,369 in the last year due to these vulnerabilities and a total loss of $92,744 since their company’s inception.
In addition, 13% of respondents said that such vulnerabilities have severely impacted customer trust,
Most commonly implemented cybersecurity measures
- Multi-factor authentication: 56%
- Data encryption: 55%
- Regular software updates and patching: 53%
Other findings
- Nearly 40% of respondents have updated their cybersecurity software or patch vulnerabilities at least once a month and 21% have done so quarterly. However, 16% said they only do so as needed and 12% were unsure of their patching frequency.
- On average, respondents allocated 16% of cybersecurity budgets to holiday readiness.
- More than seven-in-10 (72%) respondents are confident in their cybersecurity readiness for holidays and 67% are confident in employee readiness to respond to holiday cyber incidents.
"To mitigate cyber threats, businesses must prioritize proactive cybersecurity, such as employee training and system updates," said Carrie Wheeler, president of Liquid Web. "By doing so, companies can better safeguard their operations and protect their customers’ trust."
[READ MORE: Survey: More than half of retailers recognize increased cyberattack risk during holidays]
Liquid Web conducted a survey of 505 business owners, with 77% of respondents running e-commerce operations and 23% managing traditional businesses with an average revenue exceeding $3.1 million in the previous fiscal year
