While the sector reports one of the highest rates of ransom payments, doing so significantly increased recovery costs and time
Sophos, a cybersecurity-as-a-service platform, released a new sectoral survey report, “The State of Ransomware in Education 2023,” which found that education reported the highest rate of ransomware attacks in 2022. Over the past year, 79 per cent of higher educational organisations surveyed reported being hit by ransomware, while 80 per cent of lower educational organisations surveyed were targeted, an increase from 64 per cent and 56 per cent in 2021, respectively.
Additionally, the sector reported one of the highest rates of ransom payment with more than half (56 per cent) of higher educational organisations paying and nearly half (47 per cent) of lower educational organisations paying the ransom.
However, paying the ransom significantly increased recovery costs for both higher and lower educational organisations. Average recovery costs (excluding any ransom paid) for higher educational organisations were USD 1.31 million when paying the ransom versus USD 980,000 when using backups. For lower educational organisations, the average recovery costs were USD 2.18 million when paying the ransom versus USD 1.37 million when not paying.
Paying the ransom also lengthened recovery times for victims. For higher educational organisations, 79 per cent of those that used backups recovered within a month, while only 63 per cent of those that paid the ransom recovered within the same timeframe. For lower educational organisations, 63 per cent of those that used backups recovered within a month versus just 59 per cent of those that paid the ransom.
For the education sector, the root causes of ransomware attacks were similar to those across all sectors, but there was a significantly greater number of ransomware attacks involving compromised credentials for both higher and lower educational organisations (37 per cent and 36 per cent respectively versus 29 per cent for the cross-sector average).
Additional key findings from the report include:
- Exploits and compromised credentials accounted for more than three-fourths (77 per cent) of ransomware attacks against higher educational organisations; these root causes accounted for more than two-thirds (65 per cent) of attacks against lower educational organisations
- The rate of encryption stayed about the same for higher educational organisations (74 per cent in 2021 versus 73 per cent in 2022), but increased from 72 per cent to 81 per cent across lower educational organisations during the past year
- Higher educational organisations reported a lower rate of using backups than the cross-sector average (63 per cent versus 70 per cent). This is the third lowest rate of backup use across all sectors. Lower educational organisations, on the other hand, had a slightly higher rate of backup use (73 per cent) than the cross-sector average
The State of Ransomware 2023 survey polled 3,000 IT/cybersecurity leaders in organisations with between 100 and 5,000 employees, including 400 from the education sector, across 14 countries in the Americas, EMEA and Asia Pacific. These 400 comprised 200 from lower education (up to 18 years) and 200 from higher education (above 18 years), covering both public and private sector education providers.