A Sophos survey shows that the education sector is struggling with ransomware. Eight out of ten educational institutions have already experienced cyber attacks: No other industry reports higher values.

Sophos listened to three thousand cybersecurity professionals, four hundred of them from the education sector. This survey shows that educational institutions are becoming an increasingly popular target for cyberattacks. Criminals also do not differentiate between elementary school and higher education: 80 percent of the first group had already dealt with ransomware, 79 percent of the second group.

These percentages were 64 and 56 percent last year and are the highest of any industry. The causes of ransomware attacks in education are no different than in other industries. Exploits and compromised credentials are responsible for more than three-quarters of ransomware attacks against higher education institutions and two-thirds of attacks against elementary schools.

Trusted data is compromised by ransomware far more often than in other industries. Data is encrypted in 74 to 81 percent of ransomware attacks. Higher education organizations report that data is also stolen in 35 percent of cases, which is higher than the industry average of around 30 percent. Only a quarter of the attacks can be prevented in time, in primary schools it is even less than one in five.

If you don’t give in, you have to feel

In the end, 99 percent of educational institutions manage to recover their data. All’s well that ends well? Not quite, because backing up is not yet the norm in education. Only 63 percent of higher education institutions back up data, making it one of the worst performing industries. Primary school education does slightly better here at 74 percent.

In the absence of good insurance, the willingness to pay is also high in the education sector. In higher education, 56 percent pay after a successful ransomware attack that encrypts/captures data, compared to 47 percent in elementary schools. Paying the ransom significantly increases recovery costs after an attack.

Victims from higher education institutions who had coverage got away with costs of 900,000 euros, for those who had to pay the average cost was more than one million euros. In primary schools, recovery costs tend to be higher, up to two million euros for ransom-paying organisations.