As virtually every industry sector is reporting an increase in cyberattacks and ransomware, the education sector remains one of the hardest hit of late, with recovery costs and timelines outpacing global averages, according to a new report from cybersecurity software provider Sophos.
The company’s survey of 5,600 IT professionals in higher education and K-12 across 31 countries found that, as in many other sectors, ransomware is a rising threat: 56% of lower education and 64% of higher education organizations were hit by ransomware last year, up from the 44% of education respondents that reported an attack in a similar 2021 report.
While the education sector experienced a lower attack rate than others, recovering after an attack is considerably more difficult for education IT departments: higher and lower education have data encryption rates of 74% and 72%, respectively, against a global average encryption rate of 65%.
“These findings suggest that the education sector is poorly prepared to defend against a ransomware attack, and likely lacks the layered defenses needed to prevent encryption if an adversary does succeed in penetrating the organization,” Sophos explains in the report.
When it comes to paying the ransom, higher education institutions are more likely to pay than others, with a pay rate of 50%, compared to the global average of 46%. Lower education organizations paid 45% of the time.
As with any industry, paying a large ransom to a criminal does not guarantee the return of encrypted data for education organizations, as just 2% of both lower education and higher education organizations got all their data back after paying a ransom, a slightly lower rate than the 4% global average.
However, most education institutions surveyed used backups to restore their data: 76% of lower education and 70% of higher education organizations did so, compared to the global average of 73%.
Although the education attack rate is lower than other sectors, the financial and operational impact on education is higher than all other industry sectors. According to Sophos’ report, both lower ($1.58 million) and higher ($1.42 million) education organizations reported higher remediation costs than the global average due to high operational impacts and slower-than-average recovery times.
Due to a lack of resources, the education sector takes longer than average to recover from ransomware, but higher education has the slowest recovery time across all sectors with 9% reporting a recovery period of three to six months, more than double the global average of 4%. Further, 31% of higher education respondents took one to three months to recover, nearly double the global average of 16%. Overall, 40% of higher education organizations took over a month to recover, while the global average is 20%.
Another factor in how the education sector responds to a ransomware attack is the cybersecurity insurance market, which is becoming expensive. According to Sophos, only 78% of education organizations have coverage, compared to the global average of 83%.
With ransomware payouts increasing, cybersecurity insurance is becoming more expensive, so insurers are becoming more selective about who they cover. That is leading to education organizations improving their cyber defenses, with 95% of lower education and 96% of higher education organizations doing so to secure insurance coverage, according to Sophos’ report.
The company’s report includes a list of five recommendations, including protecting all points in the IT environment, proactively hunting for threats, hardening IT environments, creating ransomware response plans and keeping secure backups.