In a nutshell: Between June and August, email fraud accounts for 69 percent of reported claims as holiday absences weaken controls, while ransomware remains undetected an average of nine days longer, with damages becoming visible only in autumn.
July and August rank among the most damaging months for cyberattacks because holiday absences, inadequate coverage arrangements, and reduced control processes create attack vectors. According to the damage report by cyber insurer Stoïk, the financial impact is often not apparent until autumn.
Attackers deliberately exploit organizational rhythms. During the summer, network monitoring decreases due to reduced IT staff, coverage arrangements are incomplete, and approval processes in accounting and procurement operate at minimal capacity. This creates windows in which email fraud and credential theft can pass through more easily.
In Stoïk’s insurance portfolio, email fraud was the cause of 69 percent of all reported claims in the June to August 2025 period. The hotel industry shows alarming trends: the share of hotels in total claims rose from 2.67 percent to 7.04 percent. In this sector, 44 percent of incidents occur via manipulated emails and 36 percent through data theft. In the typical attack pattern, attackers use phishing to get into hotel databases and then send fraudulent payment requests to guests. Other documented causes in summer 2025 were compromised internet systems (8 percent), ransomware (6 percent), and classic data theft (6 percent).
A frequent variant is CEO fraud: forged urgent payment requests in the five-figure range, allegedly from the managing director, arrive at vacation coverage staff. Equally effective is supplier impersonation, in which the attacker announces a purported change of a business partner's bank account. Since the four-eyes principle is suspended during vacation, millions are transferred to false IBANs.
The damage unfolds with a time lag. When employees connect to the VPN via open hotel Wi-Fi networks, infostealers install access tools in the background. Compromised VPN or system credentials were the entry point in 40 percent of all analyzed attacks. Ransomware also remains undetected in the network longer during the summer: while the average dwell time across the whole year is 22 days, it rises to 31 days in July and August. The statistical consequences only become apparent in October and November, when diagnosed credential compromises spike.
Source: www.it-daily.net · Published June 26, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 of the EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.