Education sector reports the highest rate of ransomware attacks, says survey

About 79% higher educational organisations reported being hit by ransomware in the past year, while 80% lower educational organisations surveyed were targeted 

Dubai, Aug 01, 2023: The education sector has reported the highest rate of ransomware attacks in 2022, says a latest survey. The survey conducted by Sophos, a cybersecurity services platform, has found that over the past year 79% of higher educational organisations were hit by ransomware, while 80% of lower educational organisations surveyed were targeted—an increase from 64% and 56%, respectively, in 2021. 

Additionally, the sector reported one of the highest rates of ransom payment with more than half (56%) of higher educational organisations and nearly half (47%) of lower educational organisations paying the ransom. However, paying the ransom significantly increased recovery costs for both higher and lower educational organisations. Recovery costs (excluding any ransom paid) for higher educational organisations that paid the ransom were $1.31 million when paying the ransom versus $980,000 when using backups. For lower educational organisations, the average recovery costs were $2.18 million when paying the ransom versus $1.37 million when not paying.  

Chester Wisniewski, Field CTO, Sophos

“While most schools are not cash-rich, they are highly visible targets with immediate widespread impact in their communities. The pressure to keep the doors open and respond to calls from parents to ‘do something’ likely leads to pressure to solve the problem as quickly as possible without regard for cost. Unfortunately, the data doesn’t support that paying ransom resolves these attacks more quickly, but it is likely a factor in victim selection for the criminals,” says Chester Wisniewski, field CTO, Sophos. 

For the education sector the root causes of ransomware attacks were similar to those across all sectors but there was a greater number of ransomware attacks involving compromised credentials for both higher and lower educational organisations (37% and 36% respectively versus 29% for the cross-sector average).  

Exploits and compromised credentials accounted for more than three-fourths (77%) of ransomware attacks against higher educational organisations and more than two-thirds (65%) of attacks against lower educational organizations 

The rate of encryption stayed about the same for higher educational organisations (74% in 2021 versus 73% in 2022) but increased from 72% to 81% across lower educational organisations in the past year  

Higher educational organisations reported a lower rate of using backups than the cross-sector average (63% versus 70%). This is the third lowest rate of backup use across all sectors. Lower educational organisations, on the other hand, had a slightly higher rate of using backups than the global average (73%)  

The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in organisations with 100 to 5,000 employees, including 400 from the education sector, across 14 countries in the Americas, EMEA and Asia Pacific. This includes 200 from lower education (up to 18 years) and 200 from higher education (above 18 years) and both public and private sector education providers.