College and university networks were an appealing target for cyberattacks prior to COVID-19. However, the shift to remote and online learning en masse quickly increased the number and severity of cyberattacks on institutions to an alarming level.

Although there’s growing awareness around the risks data security breaches pose, the higher ed industry as a whole still has a long way to go before it can more effectively safeguard its data and resources.

10 startling facts about cybersecurity in higher education

It’s important for college and university leaders to prioritize their data security strategies considering these 10 concerning facts and stats about cybersecurity in higher ed.

1. Three-quarters of all data breaches in the education sector were in higher ed.

In July 2020, it was reported that 1,327 data breaches in the education sector had resulted in the exposure of 24.5 million records since 2005. Higher education accounted for three-quarters of those breaches.

2. Data security is the second-largest liability risk for institutions.

Universities ranked data security as their number two liability concern on a recent list of the top 10 risks affecting institutions in 2019–2020. This liability is contributing in part to increasing annual insurance premiums for institutions, which are estimated to have grown between an average of 10 and 35 percent across an institution’s insurance portfolio over recent years.

3. Nearly 90 percent of institutions don’t protect students and faculty from phishing attacks.

A 2018 study showed that 88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain.

4. Cyberattacks on schools increased 30 percent in July and August 2020.

The number of attacks on educational institutions has grown faster than in any other sector – a 30 percent increase compared to a 6.5 percent increase across all industries in July and August 2020, according to a recent report.

5. The average ransomware demand hit $312,493 in 2020.

Ransom demands are rising quickly. In 2020, the average ransomware demand hit $312,493 according to a recent report. In 2019, the average ransomware demand was $115,123 – this is a 171 percent year-over-year increase.

6. The FBI’s Cyber Division recently warned that cybercriminals are increasingly targeting education institutions.

A spate of recent cyberattacks on colleges, universities, seminaries and K-12 schools prompted a warning from the FBI’s Cyber Division in early March 2021. The advisory notice warned that criminals using malicious ransomware software are steadily targeting more education institutions and attempting to extort them. They’re using phishing emails and stolen credentials to access schools’ IT networks.

7. The education sector was ranked the least secure major industry.

Out of 17 industries studied in 2018, the U.S. education industry was the lowest performer in terms of cybersecurity. It performed poorly in patching cadence, application security and network security.

8. Higher ed had the highest rate of ransomware across all industries.

In an examination of nearly 20,000 companies against the growing threat of ransomware, data scientists found education had the highest rate of ransomware across all industries in 2016. This is three times more than healthcare and 10 times more than finance.

9. The average lifecycle of a breach is 279 days.

A 2019 report found that the average lifecycle of a breach was 279 days, with companies taking 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. The same study showed that companies who detected and contained a breach in less than 200 days spent significantly less on the total cost of the breach.

10. The top three most common types of higher ed breaches are hacking, unintentional disclosure, and theft or loss of personal devices.

Between 2005 and 2020, hacking accounted for 43 percent of higher ed breaches, unintentional information disclosures accounted for 27 percent, and the theft or loss of portable devices made up 15 percent. Those figures suggest that beyond shoring up sensitive data with digital fortifications, proper training in the handling of data – and physical technology – remains crucial.

It’s time to prioritize your data security strategies

It’s clear that colleges and universities are facing an uphill battle to secure their networks and protect their data. The stats about cybersecurity in higher ed above show that, although hackers have become increasingly skilled at stealing student and institutional data, the education industry is struggling to deal with these malicious threats.

This can be attributed to the fact that most schools are using aging IT infrastructure, coupled with vulnerabilities from widespread remote learning, unsecured Wi-Fi connections, untrained user networks and understaffed IT departments. If your institution’s IT team is feeling the strain to protect against data breaches, our information security experts at Collegis Education can help.

Author: Elise Povejsil

Elise Povejsil is a former marketing manager (content and communications) for Collegis Education. She holds a Bachelor of Arts in Conflict Studies from DePauw University.