When it comes to education sector cybersecurity statistics, knowledge is power. With remote work continually on the rise, it has never been more critical to keep a finger on the pulse of both past trends and emerging threats.
In today's blog, our team covers over 100 education-related cybersecurity stats regarding K-12 cybercrime, higher education cybercrime, what cyber challenges the industry faces, and the reasons why understanding these percentages is so valuable to IT decision makers.
Let’s jump right in:
Out of 17 reported-on industries, the education sector ranked as the least secure (with financial and healthcare ranking closely behind). This was determined by the education sector having, on average:
The highest vulnerabilities present in application security
The weakest endpoint security
The least likely to keep software updated
What is the reason for this? Much of it is attributed to human error. In addition, device standardization (which is common across all industries, but significantly more difficult to achieve in an educational setting due to its large number of part-time, remote, and intern workers) is rarely enforced, meaning that educational device management policies and authentication protocols for connected devices are a weak link.
Another primary reason why education sector cybersecurity is lacking is that employee awareness training is seldom carried out. With human risk accounting for 82% of security breaches in 2024, organizations open themselves to threat actors by not having robust, periodic awareness training in place.
Alongside a lack of general security and periodic lapses in employee awareness training, the education sector faces the following cybersecurity concerns:
Educational institutions across both K-12 and higher education must rapidly adapt to new technology in order to prop up their digital learning options for students; however, with each addition, new cybersecurity vulnerabilities will inevitably rear their heads.
Across North America, the majority of higher education-related organizations in the United States and Canada must adhere to the following regulations in order to safeguard the privacy, security, and confidentiality of all used and stored data:
The education sector has been the victim of steep budget cuts since 2019. Due to the COVID-19 pandemic, for example, out of the 2.6 million students who started higher education in 2019 across the United States and Canada, 26.1% did not return the following year. Reasons for this include, but are not limited to:
Dissatisfaction with remote learning
Financial hurdles
And health concerns relating to COVID-19
Although the height of the COVID-19 pandemic has passed, North American enrollment in both colleges and universities continues to decline, with a 4.2% drop in enrollment numbers beginning in 2022. During the pandemic alone, the number of undergraduate students diminished by almost 10%.
Due to a decreasing number of students, some institutions may need to shrink budgets; however, not proactively investing in cybersecurity measures (and, in turn, cyber insurance) can inadvertently cost organizations billions in the long run.
The bulk of the attack surface in the education sector (and primarily across colleges and universities) is, out of necessity, made up of web-facing assets like domains and sub-domains. All of these link to sensitive internal resources that, while valuable for staff and students alike, make them easy targets for compromise.
When a threat actor successfully exploits a vulnerability in one of these web-facing assets, they subsequently gain access to the institution's internal network. This, in turn, is what triggers data breaches.
All security flaws are doorways to internal networks and an extension of the attack surface. Because so many higher education institutions have numerous domains, their attack surface expands, and the chances of a data breach skyrocket.
Threat actors target all areas of the education sector. This includes K-12, which the official K-12 Cyber Incident Map registers as having had:
1,619 publicly-disclosed cyber incidents spanning 2016 to 2022, including, but not limited to: unauthorized disclosures, breaches, or hacks; successful ransomware attacks; phishing campaigns; DDoS attacks; and other cyber incidents, all of which resulted in unauthorized disclosures of personal information or disruptions to the impacted schools' processes
Over 348 reported attacks in 2019 alone, which was nearly 3x as many as were reported in 2018
In 2020, this figure increased to 377 reported incidents, which equated to approximately two incidents per school day
There has been a 30% quarter-over-quarter increase in attacks against K-12 since the end of 2022
Other studies have shown that:
29% of K-12 school districts have reported being successfully targeted by cybercriminals
12% of districts do not currently allocate funds to proactive cybersecurity, meaning that they are left without the valuable cyber insurance that would have helped them recoup costs and recover information post-breach
Global ransomware attacks against both K-12 and higher education were estimated to cost over $53 billion in downtime between 2018 and 2023
6.7 million personal records were breached via ransomware between 2018 and 2023
Only 33% of education sector staff feel that they have sufficient cybersecurity measures in place
29% of districts publicly disclose successful cyberattacks, although the real percentage is estimated to be much higher
66% of school districts do not have full-time cybersecurity staff
The education sector reportedly made up 13% of all security breaches during the first half of 2017, which resulted in 32 million records being compromised by threat actors
Higher education has some of the strictest regulations globally regarding financial information, academic, clinical, and government research, and personal data for students and staff alike; as such, institutions will face fines and sanctions by federal governments if regulatory noncompliance is unearthed
There has been a 75% increase in cyberattacks year over year in higher education
Higher education ranks as having the slowest recovery times post-breach, with 40% of higher education organizations needing more than a month to recover, which is twice the global industry-wide average of 20%
Half of all targeted higher education organizations admitted to paying the requested ransoms in the wake of a successful ransomware attack; however, only 2% reported having their data returned in full (with 61% reporting only partial data recovery)
Within a one-month period in 2022 alone, higher education institutions were the victims of over 6.1 million malware attacks
96% of IT decision-makers in the education sector state that their institutions are susceptible to external cyberattacks; 71% state that they are not prepared to recover lost data if an attack is successful
Approximately 74% of ransomware attacks on colleges and universities have been successful (in direct comparison to 68% that were successful in the business sector, 61% in healthcare, and 57% in the financial sector)
In 2024, the average ransomware attack costs educational institutions $2.73 million ($300,000 more than the next highest sector, healthcare)
30% of data breaches in the industry were attributed to ransomware attacks
Ransomware attacks on North American colleges increased 100% between 2019 and 2020
Only 11% of surveyed higher education staff members stated that their organizations had increased spending on security awareness training in the wake of a successful cyberattack
Two-thirds of colleges reported not having implemented email security measures, with 86% having been the victims of botnet targeting
In 2019, a minimum of 966 government agencies, healthcare organizations, and higher education institutions were compromised in a wide-scale ransomware attack that cost over $7.5 billion collectively
Research IPs are deemed to be of high value to threat actors, which is partially why higher education is such a targeted sector
73% of higher education institutions report feeling unprepared if an attack were to occur
Human error is the main reason for data breaches in the higher education sector at 52%
45% of all universities were observed with at least one asset running a version of PHP past its ideal end-of-life date
Among the top-ranked 500 universities in the United States alone, an average of 30 domains were utilizing end-of-life PHP, meaning that the software in question had not been updated for a minimum of two years
By understanding the trends and emerging threats that education sector cybersecurity statistics point to, staff and IT decision makers can better advocate for proactive cybersecurity measures.
In 2024 and beyond, proactive cybersecurity measures include, but are not limited to, the following:
Building Funding Narratives: Funding narratives for the education sector demonstrate the potential threats of not investing (or cutting the budget to) cybersecurity. By providing research-backed statistics, decision makers can influence the prioritization of funding to high-risk security areas that can be the difference between a safeguarded institution and losing up to billions in reputational and financial damages
Being Eligible for Cyber Insurance: In 2024, more institutions than ever before are being denied cyber insurance. Cyber insurance is a type of insurance product that an entity or business purchases as a contract to help minimize the financial risks associated with online businesses or businesses that leverage technology. The policyholder pays a monthly or quarterly fee while transferring the risk to the insurer. It is also important to note that cyber insurance is a new and emerging industry that grew from US$9.73 billion in 2021 to approximately US$11.75 billion in 2022 alone. Partially due to this influx, cyber insurance companies are reluctant to offer claims or accept insurance proposals from companies for a myriad of reasons, including not having proactively invested in anti-cybercrime measures before a breach has occurred
Employee Awareness Training: By periodically providing cybersecurity training to employees, organizations can lessen the likelihood of human error resulting in data breaches; this is especially effective as a way to counteract social engineering, which utilizes psychology to create successful phishing campaigns against unsuspecting staff and students alike
Continuous Penetration Testing: Hailed as one of the best ways to safeguard institutions, Continuous Penetration Testing replicates continuous attacks on your web applications and IT infrastructure. Threat actors regularly target enterprises to uncover and exploit new vulnerabilities. By performing Continuous Penetration Tests, vulnerabilities can be detected and remedied more proactively than with point-in-time security assessments, and by leveraging education sector cybersecurity statistics, the importance of periodic pentesting can be emphasized to decision makers
In 2024, penetration testing is one of the most valuable ways for education-related organizations to safeguard valuable data and surpass their regulatory compliance commitments.
At Packetlabs, our team's flexible pentesting offerings encapsulate:
DevSecOps: DevSecOps is integrated early in your development cycle and acts as an extension of your development team to flag vulnerabilities within your existing detected management systems
Red Teaming: Red Teaming is a full-scope simulated attack designed to get a holistic review of the level of risk and vulnerabilities across people, processes, and tech in an organization
Purple Teaming: Purple Teaming is our collaborative testing exercise where the Packetlabs red team works with your internal security operations team (or blue team) to bridge the gap between offensive techniques and response efforts
Cyber Maturity Assessments: A Cyber Maturity Assessment supports the tactical direction of your cybersecurity strategy. As the first step in strengthening your security posture, this assessment generates the roadmap to strengthen your overall security program
OT Assessments: OT Cybersecurity Assessments simulate the likelihood of an attacker reaching the control centre from an external and internal perspective with production-safe testing
Ransomware Penetration Testing: A ransomware penetration test evaluates the preparedness and risk of a ransomware attack and identifies gaps in people, processes, and technology, to determine the likelihood and readiness for a ransomware attack
Cloud Penetration Testing: Multiple perspectives help with strengthening your security posture. These include Cloud Penetration Testing, which simulates an attacker in the environment, and a Cloud Penetration Review, which provides insights into cloud-specific vulnerabilities originating from an insecure configuration. Each of these services can be conducted separately or, for maximum effectiveness, combined as an enhanced cloud security bundle
Objective-based Penetration Testing: Following a preliminary penetration test, objective-based testing conducts a more advanced simulated cybersecurity attack. The test is conducted by persistent ethical hackers who deploy multiphase attacks to gain access to your organization's data so that you can discover gaps and vulnerabilities unique to your organization and test your ability to detect and respond to threat actors
Application Security Testing: More targeted in scope than a regular pentest, application security testing uncovers vulnerabilities residing in your web and mobile apps. Application Security Testing actively explores your application from an attacker’s perspective
Infrastructure Penetration Testing: An infrastructure penetration testing assessment uncovers vulnerabilities in your IT and network systems and provides a tailored approach to each environment
These are in addition to the Packetlabs Portal, which enables teams to quickly view findings, prioritize efforts, request retests after remediation, and monitor progress.
Across North America, the education sector is one of the most valuable targets for cyberattacks. These alarming percentages are only anticipated to grow in 2024 and beyond.
If you're reading this, your organization is already in the market for a pentest. Contact our team today for your free, zero-obligation quote (or download our Buyer's Guide below to take the next step towards a stronger security posture).