
The Black Friday Cyber Threat You're Probably Not Prepared For

Black Friday isn’t just the biggest shopping day of the year. It’s one of the biggest hacking days of the year.

Cybercrime Spikes 70% on Black Friday

Cybercriminal activity spikes by 70% during Black Friday, compared to regular shopping days, per CoinLaw’s 2025 data.  

For small businesses, this reality hits different. According to CoinLaw’s 2025 financial cybersecurity analysis, 56% of small and midsize businesses reported a cyberattack during Black Friday sales last year.  

While you’re focused on sales volume, cybercriminals are focused on your systems. 

The 2025 Threat Landscape: 

Allianz Commercial’s 2025 cyber risk report shows that ransomware accounts for 60% of the value of large cyber claims, and they’re predicting an uptick in loss activity from Black Friday onwards. 

But here’s what’s changed: Attackers are shifting focus to smaller firms. Ransomware was involved in 88% of data breaches at small and medium firms compared to 39% at large firms. You’re not too small to be a target. You’re the preferred target. 

What's Coming in 2026: 

Impact My Biz reports that credential stuffing incidents surged by 80% during Cyber Monday in 2023, affecting over 40 million accounts globally. With AI making phishing more sophisticated and deepfakes more convincing, 2026 will be worse unless you prepare now. 

DDoS attacks during Cyber Week are becoming standard. Imperva’s analysis shows they prevented an average of 30 hours of downtime per retail site during the 2023 holiday season, with 10 hours prevented during Cyber Week alone. 

Your Action Plan - Starting Today: 

Here is a short list of what you can do NOW. Your plan should expand on this list and take into account your own unique set of requirements and risks:

  1. Run a cyber risk assessment now – Don’t wait until the week before Black Friday. Identify vulnerabilities in your payment processing, customer data storage, and website infrastructure. 
  2. Patch everything – Every outdated plugin, every pending security update, every “we’ll do it later” task needs to be done before November 1st. 
  3. Test your backup systems – When ransomware hits on Black Friday, you need to know your backups work. Test restoration now, not during the attack. 
  4. Implement rate limiting – Protect against credential stuffing and DDoS attacks by limiting login attempts and implementing bot detection. 
  5. Schedule security monitoring coverage – Your IT team needs to be alert during peak shopping hours. Plan coverage now. 
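
To make step 4 concrete, here is an added example (not part of the original article) of limiting failed logins per account and per source address, which is what catches credential stuffing that spreads its attempts across many accounts. The class name, thresholds and in-memory storage are assumptions chosen for illustration; a multi-server site would keep these counters in a shared store with expiry.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limiter on failed logins, per account and per source IP."""
    def __init__(self, window=300, max_per_account=5, max_users_per_ip=8):
        self.window = window                      # seconds of history to count
        self.max_per_account = max_per_account    # assumed threshold
        self.max_users_per_ip = max_users_per_ip  # assumed threshold
        self.account_failures = defaultdict(deque)  # username -> (time, ip)
        self.ip_failures = defaultdict(deque)       # ip -> (time, username)

    def _recent(self, table, key, now):
        q = table[key]
        while q and now - q[0][0] >= self.window:
            q.popleft()
        return q

    def record_failure(self, ip, username, now):
        self.account_failures[username].append((now, ip))
        self.ip_failures[ip].append((now, username))

    def check(self, ip, username, now):
        """Decide on a login attempt before the password is verified."""
        from_ip = self._recent(self.ip_failures, ip, now)
        on_account = self._recent(self.account_failures, username, now)
        # One source failing against many different accounts is the
        # credential-stuffing pattern; a per-account counter alone misses it.
        if len({user for _, user in from_ip}) >= self.max_users_per_ip:
            return "block_ip"
        if len(on_account) >= self.max_per_account:
            return "block_account"
        return "allow"

def replay(events, throttle):
    """Replay (time, ip, username, password_ok) tuples; return each decision."""
    decisions = []
    for now, ip, username, ok in events:
        decision = throttle.check(ip, username, now)
        if decision == "allow" and not ok:
            throttle.record_failure(ip, username, now)
        decisions.append(decision)
    return decisions

# Constructed sample: one address tries ten accounts once each, then a customer
# at another address mistypes a password and succeeds on the retry.
SAMPLE_EVENTS = [(t, "203.0.113.7", f"user{t}", False) for t in range(10)] + [
    (20, "198.51.100.4", "alice", False),
    (25, "198.51.100.4", "alice", True),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LoginThrottle()))
```

In the sample, no single account ever sees more than one failure from the first address, so only the per-source count of distinct usernames stops it.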

This isn’t about being paranoid. It’s about being prepared. The hackers are already planning their Black Friday. Are you? 

Next week: What employers can do to keep employee productivity up during the holiday season. 

For additional help for Black Friday & Cyber Monday