The Balancing Act: Risk vs Resilience A proactive approach to identity threats can help leaders weigh ransomware risk against staffing and resource concerns. Building business resilience requires an often complex calculation of cyber threat risk and a balance between mitigating that risk, conserving resources, and retaining security personnel. Understanding when ransomware is most likely to strike and how attackers seek to infiltrate your environment is an important factor in the success of these efforts. The 2025 Ransomware Holiday Risk Report analyzes responses from 10 countries and 8 industry sectors across North America, Europe, the United Kingdom, and Asia Pacific, gathered in partnership with international research firm Censuswide. The report offers insight into ransomware attack behavior and defense trends and recommends steps that organizations can take to strengthen their cybersecurity preparedness. Share these findings with your IT, security, and business stakeholders, and leverage the expert insights to improve your cyber crisis response planning.
“Threat actors continue to take advantage of reduced cybersecurity staffing on holidays and weekends to launch ransomware attacks. Vigilance during these times is more critical than ever because the persistence and patience attackers have can lead to long lasting business disruptions,” said Chris Inglis, the first U.S. National Cyber Director and Semperis Strategic Advisor. “In addition, corporate material events such as mergers and acquisitions often create distractions and ambiguity in governance and accountability—exactly the environment ransomware groups thrive on.”
Check out the report to find out more!
Published by
About our partner
Semperis
For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis’ patented technology protects over 150 million identities from cyberattacks, data breaches and operational errors.The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada and Israel. Semperis hosts the award-winning Hybrid Identity Protection Identity & Access Management (IAM) community, conference and podcast series (hipconf.com) and built the free community hybrid Active Directory cyber defender tools:Purple Knight – security assessment of your AD vulnerabilities: semperis.com/purple-knightForest Druid - attack path analysis tool to uncover the riskiest attack paths to your tier 0 assets: semperis.com/forest-druidEntraGoat - A deliberately vulnerable lab that simulates real-world identity misconfigurations in Microsoft Entra ID: semperis.com/blog/getting-started-with-entragoat-entra-id-simulation-labCheck out Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World’s Leading Defenders and Reformed Hackers: midnightinthewarroom.com
Learn more
Recommendations
GIW Federal 2025: Cyber Resilience & Organisational Uptime Using Microsegmentation by Raja Ukil
GIW Federal 2025: Securing the supply chain: Managing third-Party risk in government with Rosetta Romano
IBM Launches Microsoft Practice to Deliver Transformative Business Value for Clients
GIW Federal 2025: Emerging cyber threats and strategic responses for Australia's Federal Government
