UK small businesses prepare for Christmas closures each year, but new Kaspersky research says many leave their systems open to danger. The survey of 500 owners shows that almost a third will close for 3-5 days, and many will stretch that to a week or longer. More than 4 in 5 will shut their doors for at least a day, while only 19% will stay fully active through the period.
Kaspersky says this long pause creates an opening for criminals. Many firms trust that the quiet season means fewer risks, yet that trust does not match the record of past holidays. PwC鈥檚 Minimum Viable Company idea, which looks at which basic services keep a firm going during trouble, points out that small firms often run on only a few core systems. A short break in supervision during Christmas can make those systems easy targets.
Confidence among owners runs high as Kaspersky found that 82% describe their own protection as strong enough for the festive period. This view clashes with the research finding that 35% have already dealt with a cyber incident during a previous Christmas break. Kaspersky says this gap between confidence and reality shows a habit of over-trusting basic routines rather than applying firm checks.
1 in 4 owners says they worry about no particular threat over Christmas. Those who do feel uneasy cite phishing and ransomware more than anything else. Nearly 1 in 8 takes no action at all before closing, while others rely on tasks such as backing up data or installing updates. Only a small share tests its response plans or warns staff about seasonal scams.
Who Is Watching These Systems During The Break?
Kaspersky鈥檚 figures show different kinds of habits in how firms keep watch over their technology. Half use in-house or external IT teams, but a quarter turn to staff who do not specialise in this work. Another quarter says flatly that no one monitors anything during the break.
This silence over the holiday week gives criminals time to work without resistance. Kaspersky says the issue grows sharper when firms depend on only a few suppliers or tools, which is common among smaller operations. If those tools go down or are tampered with during the shutdown, owners return to work facing delays, lost income or system lockouts.
More from News
- World Quantum Day 2026: Experts Reflect On Industry Developments This Year
- 79% Of UK Workers Fear Losing Their Jobs This Year – And Its Not AI Related
- Scail Launches To Help Regulated SaaS Businesses Navigate The AI 鈥淧erfect Storm鈥
- X Is Taking A Slightly Different Approach To Managing Click Bait Content – Will It Work?
- AI Is Meant To Reduce Workloads, Why Is It Still Causing Workers Cognitive Fatigue?
- Apple Wins Q1 As Smartphones Shipments Go Up And Competitor Sales Go Down
- Can Travellers Expect Lower Flight Prices After The Ceasefire?
- Gen Z Consumers Face The Highest Online Fraud Risks – How Are They Staying Protected?
The UK-wide poll behind the research supports this… It found that 25% have no one at all assigned to system checks during Christmas. Another 25% trusts staff who do not work full time in this area. These figures are a sign that many firms take a relaxed stance at the very moment criminals seek weaker barriers.
Holiday season attacks are not rare. More than a third of the firms in the poll have faced one before. For criminals, the quiet winter week brings fewer eyes watching the network. Firms may expect trouble only during busy sales periods, but the pattern shows that late December creates its own window of risk.
What Do Firms Plan To Change Next Year?
Kaspersky says many owners speak about strengthening backups, raising threat detection and helping staff learn better habits before 2026. These ideas come up often in the survey, yet firm plans are scarce. Only 19% say they will definitely invest in cybersecurity next year, while almost the same share says they are unlikely to invest at all.
This hesitation leaves a gap between what owners say they want and what they are prepared to confirm. The pattern of past incidents shows that waiting too long risks another holiday season marked by intrusions. Owners often trust that routine updates will cover them, even though the poll shows that such routines do not stop criminals who take advantage of quiet offices and unstaffed systems.
鈥淎 toxic selection box of holiday pressures, year-end work deadlines, financial demands, and social obligations means December can be one of the most stressful times of the year. This is especially true for small business owners, who often take on more than their fair share of the workload over the festive period. IT security can slip off the 鈥榯o do鈥 list for some,鈥 warns Anna Papla, UK territory channel manager at Kaspersky, adding: 鈥淐ybercriminals will take full advantage of vulnerabilities as many businesses shut down operations. But extended closures don鈥檛 have to mean extended exposure. With the right alerting and backup practices, SMEs can enjoy a very Merry Christmas.鈥
