While everyone else is hanging their stockings by the chimney with care this Christmas, response teams at law firms across the country may be busy checking their emails and voice messages for news of an errant cyber incident.

Many of those practices have been developed to respond to a breach, ransomware or other intrusion at the drop of a hat, 365 days a year. Holidays, however, may be like red meat to bad actors looking to capitalize on corporate vacations and an influx of financial (aka shopping) activity, all the while posing some unique logistical challenges to the attorneys tasked with responding.

"Holidays tend to be the biggest time [for cyber incidents] because the thinking is that the security teams are not at their computers — they are home. IT people aren't there to see weird stuff happening," said Christopher Ballod, a partner with Lewis Brisbois Bisgaard & Smith.

He noted there tends to be a big spike in cyber incidents in the week leading up to Christmas, which then trails off as the calendar approaches New Year's Day (even hackers need vacations).

What this means for privacy and cybersecurity teams varies from law firm to law firm. Ballod, for instance, indicated that Lewis Brisbois tends to beef up the number of responders on call over the holidays.

The resources that are needed run the gamut from bodies monitoring inquiries that come in over email or telephone lines to people who can run the conflict check required before a lawyer can officially take on the case.

"It's like an arms race with incident response. If you can't respond in 15 minutes with 'conflicts are clear and we're ready to jump on a call,' you're really not that helpful to the people who are in crisis," Ballod said.

Still, rapid-response time isn't exactly an alien concept to law firms. DLA Piper, for example, has two attorneys on call every weekend to handle any cyber incidents that clients may bring to their doorstep.

Jim Harper, co-chairman of the firm's global cybersecurity practice, doesn't expect to make any changes in anticipation of the holiday season.

To be sure, not all firms are anticipating a bundle of yuletide cyber fires.

Christopher Hart, co-chairman of the privacy and cybersecurity group at Foley Hoag, has noticed an uptick in the number of incidents that tend to occur this time of year, but indicated that he would be surprised to receive any calls over the Christmas holiday since most clients will be away from their desks.

Those absences can make it difficult to organize an effective and quick response even if a cyber incident is brought to the attention of an attorney. For example, while many organizations may have put a breach response plan in place, Hart has yet to see one that specifically accounts for the holidays and the ensuing absence of key decision-makers.

"It is harder. … Clients themselves want to take their own vacations," Hart said.

It's not just the corporate vice presidents who may be off singing Christmas carols in parts unknown. Other key partners that law firms may rely on in the aftermath of a cyber incident—vendors such as forensics companies—may be experiencing their own holiday-related slowdowns.

"When they try and get the resources they need, sometimes that just isn't available to them. So it's really a ballet that we have to orchestrate all while staying completely calm for the client," Ballod of Lewis Brisbois said.