16 July 2024
Sophos, a British cybersecurity firm, has released a study conducted with 600 IT and cybersecurity leaders in educational institutions, highlighting the ongoing risks and financial impacts of ransomware attacks.
Incidence drops, but sector remains vulnerable
The study found that 63% of lower education institutions and 66% of higher education institutions experienced ransomware attacks in the past year. These figures represent a notable decrease from the 80% and 79% reported in 2023 for lower and higher education, respectively, suggesting increased awareness and defensive measures against cybersecurity threats. Despite the decrease, the attack rates in the education sector remain higher than the global cross-sector average of 59%.
Backup compromises remain a critical vulnerability
Moreover, 95% of educational institutions hit by ransomware reported attempts by cybercriminals to compromise their backups. Of these attempts, 71% were successful, the second-highest rate of successful backup compromise across all sectors, following the energy, oil/gas, and utilities sectors. This high success rate highlights a critical vulnerability in backup security within educational institutions.
Soaring financial costs of ransomware recovery
Financially, the impact of ransomware attacks on educational institutions has been significant. The mean cost of recovery for lower education institutions in 2024 was USD 3.76 million, more than double the USD 1.59 million reported in 2023. For higher education institutions, the mean recovery cost was USD 4.02 million, nearly four times higher than the USD 1.06 million reported in 2023. These rising costs underscore the substantial financial burden ransomware attacks impose on the education sector.
Widespread impact on devices
The extent of ransomware’s impact is also concerning, with an average of 52% of computers in lower education and 50% in higher education being affected by these attacks. These figures are slightly above the cross-sector average of 49%, indicating that educational institutions remain particularly vulnerable to widespread disruptions from ransomware.
Data restoration: ransom payments and backup use increase
In terms of data restoration, the study revealed that 62% of lower education institutions paid the ransom to retrieve encrypted data, while 75% used backups to restore data. For higher education, 67% paid the ransom, and 78% utilised backups for data restoration. Higher education institutions ranked second-highest in both the propensity to use backups for data restoration and the propensity to pay ransom, while lower education institutions ranked third in ransom payment. This suggests a significant reliance on both ransom payments and backup systems to recover from ransomware attacks.
These findings underscore the ongoing vulnerability of educational institutions to ransomware attacks, despite improvements in cybersecurity measures. The financial burden and the high success rate of backup compromises highlight the need for continued vigilance and enhanced security protocols in the education sector.