Is your store ready for cyber threats?

Learn how ecommerce businesses are securing their success during the busiest shopping months in Liquid Web’s cybersecurity readiness study.

Prevent $147K in revenue losses with cybersecurity readiness

Explore the study

Key points
Cyberattack frequency and impact
The hidden costs of cybersecurity gaps
Cybersecurity investment trends
How to protect your business
Download the Black Friday guide
Fair use statement
Learn more

While the holiday shopping season offers significant revenue opportunities, it also brings heightened cybersecurity risks. In our survey of 505 business owners – 77% running ecommerce operations and 23% managing traditional businesses with an average revenue exceeding $3.1 million last fiscal year – December emerged as both the busiest sales period and the peak time for cyber incidents.

These businesses represent a range of industries, including retail, fashion and apparel, tech, health and wellness, finance and banking, and manufacturing. And while 77% owned an ecommerce business, 23% owned a traditional business.

This study explores the financial and operational challenges these companies face due to cybersecurity threats during peak shopping months and how they aim to protect their revenue and customer trust.

Key points

December downsides: Business owners are most likely to consider December a peak shopping month (64%) and to experience the most cyber incidents during that month (39%).

Over 1 in 4 business owners (26%) have experienced a cyber incident on Black Friday or Cyber Monday – the most of any shopping holiday.

On average, businesses expect a revenue loss of $147,848 (or 20%) if they face a significant cybersecurity incident during a peak shopping month.

Old and outdated: Outdated software or systems are the most common cybersecurity vulnerability, affecting 36% of businesses.

Businesses reported an average revenue loss of $20,369 (or 4.4%) from cybersecurity vulnerabilities in the past year and $92,744 during the company’s lifetime.

28% of businesses have implemented an “emergency patch” during a peak shopping month.

On average, business owners allocate 16% of their cybersecurity budgets to holiday readiness.

72% of business owners are confident in their cybersecurity defenses for the upcoming holiday season, and 67% are confident in their employee’s ability to respond to potential incidents.

How often do cybersecurity issues disrupt businesses?

Key insights for peak season protection

Cyber incidents disrupt operations, hurt revenue, and challenge businesses to respond quickly and effectively. These events can freeze critical systems, delay essential services, and expose sensitive data, leaving companies scrambling to regain control while facing mounting financial losses and reputational damage.

Looking at how often they happen and the damage they cause highlights the need for stronger defenses.

Percentage of business owners who received a cyberattack during peak shopping time, broken down into every month of the year. November and December have the highest frequency of cyberattacks.

December stands out as the most critical shopping month for businesses, with 64% of business owners identifying it as their peak sales period. However, this seasonal high also comes with increased risks, as 39% of business owners reported experiencing the most cyber incidents during this time.

Percentage of business owners who faced a cyber incident on major holidays, Black Friday and Christmas have the most cyberattack attempts

During peak shopping months, cyber incidents are alarmingly frequent. Business owners reported facing an average of 3 cyber incidents, with nearly 1 in 4 (24%) experiencing 5 or more.

Black Friday and Cyber Monday were the riskiest shopping holidays, with 26% of business owners encountering a cyber incident on these high-traffic days.

Detecting and responding to these incidents is no small feat. On average, it takes business owners over 10 hours to respond to cyberattacks – time that could otherwise be spent driving sales and supporting customers.

Percentage of businesses that experienced phishing, malware, data breach, ddos, and ransomware over the past 12 months. Phishing is the most common cyberattack.

Cyber threats are also a persistent challenge for companies outside the holiday season. In the past year, 1 in 2 businesses experienced phishing attacks, and over 7 in 10 (73%) reported facing at least one cyber threat.

These incidents can be costly, with businesses anticipating an average revenue loss of $147,848 (or 20%) if a significant cybersecurity issue arises during a peak shopping month. Beyond financial impacts, 12% of business owners noted long-term damage to customer loyalty and trust following recent cyber incidents.

“The holiday season is a double-edged sword for ecommerce businesses—offering immense revenue potential but also heightened cyber risks.”

Carrie Wheeler
President of Liquid Web

The hidden costs of cybersecurity gaps

What you risk to lose

Cybersecurity vulnerabilities can have lasting impacts on both revenue and customer trust. This section examines the financial cost of these gaps and how businesses address outdated systems and emergency risks.

Top cybersecurity vulnerabilities faced by ecommerce businesses in order: outdated software or systems, weak authentication protocols, lack of employee training, insufficient data encryption, and unsecured APIs. Also depicts the estimated revenue loss of vulnerabilities, which amount to $92,744 on average.

Outdated software and systems are a significant concern for businesses, with 36% identifying them as their most common cybersecurity vulnerability.

These gaps come at a cost: on average, businesses reported a revenue loss of $20,369 (or 4.4%) in the last year due to these vulnerabilities and a total loss of $92,744 since the company’s inception.

Additionally, 13% of business owners acknowledged that such vulnerabilities have severely impacted customer trust – an invaluable asset in today’s competitive market.

Shows the frequency of patching and software updates of the surveyed businesses, monthly is the most popular, followed by quarterly and only as needed.

While many businesses work to address vulnerabilities, their efforts are inconsistent. Nearly 2 in 5 business owners have updated their cybersecurity software or patch vulnerabilities at least once a month. However, 16% said they only do so as needed, and 12% were unsure of their patching frequency.

During peak shopping months, 28% of businesses have had to deploy emergency patches. Patching, which involves fixing vulnerabilities in software to address security gaps, is a reactive approach that highlights the need for more proactive security practices.

How to strengthen your defenses against cyber threats

Proactive investments in cybersecurity make navigating peak shopping seasons easier. Businesses are using these strategies to protect against threats and ensure they’re ready for the holidays.

Cybersecurity readiness statistics, showing only 67% of surveyed businesses are confident in their employees cybersecurity training, and an average of 16% of budgets dedicated to the holiday season. Also showcases the most implemented security measures, which include MFA/password security, data encryption like SSLs and VPNS, and regular system updates.

Businesses are taking significant steps to protect themselves from cybersecurity threats. The most commonly implemented measures included multi-factor authentication, data encryption, and regular software updates and patching.

Another key tool to enhance cybersecurity is managed hosting, which provide expert support, advanced security features, and optimized performance to reduce cyber risks.

With automatic updates, proactive monitoring, and robust data protection, managed hosting services help keep websites secure and reliable, even during peak shopping periods.

Key budget investment points for ecommerce businesses, which include in priority: data encryption, threat detection systems, and better cybersecurity training

Recognizing the need for stronger defenses, 21% of business owners said they plan to increase their investment in data encryption and protection to reduce vulnerabilities. On average, businesses allocated 16% of their cybersecurity budgets specifically for holiday preparedness.

Despite these challenges, confidence remains high: 72% of business owners were optimistic about their defenses for the upcoming holidays, and 67% said they trust their employees’ ability to respond effectively to potential incidents.

“Managed hosting is a frontline solution for cybersecurity. A team of experts monitors, manages, and secures your hosting environment, you can focus on growing your business.”

Carrie Wheeler
President of Liquid Web

How to secure success and protect your business during the holiday rush

The holiday season brings great opportunities for businesses, but it also amplifies cybersecurity risks that can threaten both revenue and customer trust. With outdated systems, frequent cyber incidents, and increasing costs from vulnerabilities, businesses must prioritize proactive cybersecurity measures that align with predicted cybersecurity trends.

Strengthening defenses helps businesses overcome peak shopping challenges and cyber threats. Partnering with secure and reliable hosting providers can further safeguard operations and customer trust during critical sales periods.

“To mitigate cyber threats, businesses must prioritize proactive cybersecurity, such as employee training and system updates. By doing so, companies can better safeguard their operations and protect their customers’ trust.”

Carrie Wheeler
President of Liquid Web

Fair use statement

Feel free to share this content for noncommercial purposes with proper attribution. For references, include a link back to the original source.

Share this content

<a href="https://www.liquidweb.com/white-papers/holiday-cybersecurity-risks-ecommerce-guide/" target="_blank" rel="noopener noreferrer">Holiday cybersecurity risks in ecommerce study by Liquid Web</a>

Learn more

We surveyed 505 business owners about their experiences with cybersecurity threats and vulnerabilities, specifically around the holidays. Among them, 77% owned an ecommerce business, while 23% owned a traditional business. These businesses spanned across industries like retail, fashion and apparel, tech and software, health and wellness, finance and banking, and manufacturing. The average revenue over the last fiscal year for these businesses was $3,141,308.

Liquid Web is a comprehensive web hosting provider specializing in cloud VPS, managed VPS, and VPS server solutions. Their offerings span cloud VPS hosting, DDoS protected VPS, managed VPS hosting, VPS cloud servers, and VPS server hosting, catering to diverse digital needs. From dedicated and bare metal servers to WordPress hosting, Liquid Web empowers businesses and individuals to maximize their online potential with ultra-scalable infrastructure and versatile VPS server cloud options.

Explore products