UK small businesses prepare for Christmas closures each year, but new Kaspersky research says many leave their systems open to danger. The survey of 500 owners shows that almost a third will close for 3-5 days, and many will stretch that to a week or longer. More than 4 in 5 will shut their doors for at least a day, while only 19% will stay fully active through the period.
Kaspersky says this long pause creates an opening for criminals. Many firms trust that the quiet season means fewer risks, yet that trust does not match the record of past holidays. PwC’s Minimum Viable Company idea, which looks at which basic services keep a firm going during trouble, points out that small firms often run on only a few core systems. A short break in supervision during Christmas can make those systems easy targets.
Confidence among owners runs high as Kaspersky found that 82% describe their own protection as strong enough for the festive period. This view clashes with the research finding that 35% have already dealt with a cyber incident during a previous Christmas break. Kaspersky says this gap between confidence and reality shows a habit of over-trusting basic routines rather than applying firm checks.
1 in 4 owners says they worry about no particular threat over Christmas. Those who do feel uneasy cite phishing and ransomware more than anything else. Nearly 1 in 8 takes no action at all before closing, while others rely on tasks such as backing up data or installing updates. Only a small share tests its response plans or warns staff about seasonal scams.
Who Is Watching These Systems During The Break?
Kaspersky’s figures show different kinds of habits in how firms keep watch over their technology. Half use in-house or external IT teams, but a quarter turn to staff who do not specialise in this work. Another quarter says flatly that no one monitors anything during the break.
This silence over the holiday week gives criminals time to work without resistance. Kaspersky says the issue grows sharper when firms depend on only a few suppliers or tools, which is common among smaller operations. If those tools go down or are tampered with during the shutdown, owners return to work facing delays, lost income or system lockouts.
More from News
- Meta Poaches Former Apple Exec, Alan Dye
- TikTok To Invest Billions In Data Centre In Brazil
- Anthropic Eyes Up IPO
- UK Users Can Now Use Google’s AI Try-On Feature
- Apple’s AI Chief Steps Down, Here’s Who Is Taking Over
- Zipcar Announces It’s Leaving The UK
- Will Trump’s Migration Ban Be A Boost Or Blow To The US Economy? The Experts Weigh In
- Bank Of England Lowers Capital Requirement After Warning On AI And Debt Risks
The UK-wide poll behind the research supports this… It found that 25% have no one at all assigned to system checks during Christmas. Another 25% trusts staff who do not work full time in this area. These figures are a sign that many firms take a relaxed stance at the very moment criminals seek weaker barriers.
Holiday season attacks are not rare. More than a third of the firms in the poll have faced one before. For criminals, the quiet winter week brings fewer eyes watching the network. Firms may expect trouble only during busy sales periods, but the pattern shows that late December creates its own window of risk.
What Do Firms Plan To Change Next Year?
Kaspersky says many owners speak about strengthening backups, raising threat detection and helping staff learn better habits before 2026. These ideas come up often in the survey, yet firm plans are scarce. Only 19% say they will definitely invest in cybersecurity next year, while almost the same share says they are unlikely to invest at all.
This hesitation leaves a gap between what owners say they want and what they are prepared to confirm. The pattern of past incidents shows that waiting too long risks another holiday season marked by intrusions. Owners often trust that routine updates will cover them, even though the poll shows that such routines do not stop criminals who take advantage of quiet offices and unstaffed systems.
“A toxic selection box of holiday pressures, year-end work deadlines, financial demands, and social obligations means December can be one of the most stressful times of the year. This is especially true for small business owners, who often take on more than their fair share of the workload over the festive period. IT security can slip off the ‘to do’ list for some,” warns Anna Papla, UK territory channel manager at Kaspersky, adding: “Cybercriminals will take full advantage of vulnerabilities as many businesses shut down operations. But extended closures don’t have to mean extended exposure. With the right alerting and backup practices, SMEs can enjoy a very Merry Christmas.”
