80% of Education Providers Hit with Ransomware

Schools present a soft, profitable target for cybercrims.
Sep 21, 2023
Cybercriminals
Schools tend to pay ransomware demands, so the problem snowballs.

The education sector is the most targeted industry by cybercriminals, primarily motivated by the high percentage of schools choosing to pay the ransom.

In lower education, the recovery costs are on average around $1.59 million, remaining steady in 2023 and 2022.

Recovery costs in higher education have decreased significantly from the $1.42 million reported last year to just over $1 million in 2023.

The mean cost to recover from ransomware attacks across all sectors is estimated at $1.82 million, an increase from the $1.4 million in 2022.

80% of lower education providers and 79% of higher education institutions reported ransomware attacks in the last year.

Compromised credentials and exploited vulnerabilities are the top root causes of ransomware attacks in education.

In lower education, 36% of attacks originated from compromised credentials, while in higher education, 40% were due to exploited vulnerabilities.

These figures indicate a need for robust cybersecurity measures and employee training in educational institutions.

While the immediate financial cost of a ransomware attack is evident, the recovery from the attack also includes the cost of system downtime, loss of productivity, and reputational damage.

Construction (71%), the federal government (70%), and media & entertainment (70%) are also within the top five most targeted industries by ransomware attacks, but at a notably lower rate than educational establishments.

The figures come from a recent Sophos survey of 3,000 IT and cybersecurity leaders across 14 countries, including 400 from the education sector, conducted in January-March 2023.

To read the full report see https://atlasvpn.com/blog/80-of-education-providers-hit-with-ransomware-last-year-biden-administration-responds
 
Image by Mikhail Nilov