After a decline, ransomware attacks seem to be making a comeback. The rise cuts across all sectors, although it is subject to variations, and one sector that has seen one of the biggest surges is education. Ransomware is a type of malware that can prevent education providers, employees, and pupils from accessing systems and the important data held on them. Typically, the data is encrypted by the attacker, but it may also be deleted or stolen. In some attacks, the computer itself may be made inaccessible.
Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. Attackers are notoriously slippery; they typically use an anonymous email address (such as ProtonMail) to initiate contact. They often request payment in the form of cryptocurrency. Ransomware attacks can have devastating impacts on the education sector, not least because reinstating critical services often requires a significant amount of recovery time. There’s also reputational damage for the education provider or facility. Often, these attacks are high profile in nature, with wide public exposure and media interest.
According to a report by Sophos:
- Ransomware attacks on education have increased – 56% of lower education and 64% of higher education organisations were hit in 2021, up from 44% of education organisations hit in 2020.
- The increase in attacks is part of a global, cross-sector trend. Even though the education attack rates are high compared to 2020, they are below the cross-sector average.
- Education is the sector least able to stop data being encrypted in an attack – higher education reported the highest data encryption rate of all sectors at 74%, with lower education only a little behind at 72%.
- 45% of lower education and 50% of higher education organisations paid the ransom to get the encrypted data back compared with the global average of 46%.
- The percentage of data recovered by education organisations after paying the ransom is in line with the global average of 61%: lower education at 62% and higher education at 61%. However, only 2% of education organisations that paid the ransom got ALL their data back.
- The ransomware recovery bill is very high – lower education spent US$1.58m and higher education spent US$1.42m to rectify ransomware attacks compared with the global average of US$1.40m.
- Education is slow to recover from ransomware attacks – higher education reported the slowest ransomware recovery time across all sectors with 9% of respondents reporting a recovery period of 3-6 months, more than double the global average of 4%.
- Education has below-average cyber insurance coverage rates – only 78% of education organisations have cyber insurance coverage against ransomware compared with the global average of 83%.
- Cyber insurance is driving better cyber defences – 95% of lower education and 96% of higher education organisations with cyber insurance have upgraded their cyber defences to improve their cyber insurance position.
- Cyber insurance almost always pays out in the event of a ransomware attack – lower education reported a 99% pay-out rate and higher education a 100% pay-out rate.
- The growing rate of ransomware attacks in education reflects the success of the ransomware-as-a-service model, which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack. Most education organisations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims.
The Impact of Ransomware
The good news is that most institutions hit by ransomware can get their data back. This is mainly because most have invested in backup solutions, while others resort to paying the ransom, although paying the ransom doesn’t always guarantee getting data back.
The ransom sums are just part of the story, and the impact of ransomware ranges much more widely than just the encrypted databases and devices. 94% of lower education and 97% of higher education respondents hit by ransomware said the attack impacted their ability to operate, while 92% (lower) and 96% (higher) of those working in the private sector said the attack caused their organisation to lose business/revenue. The commercial and operational impact on higher education was the highest across all sectors on both fronts. Lower education was second only to higher education in terms of loss of business/revenue.
How Can Organisations Respond?
Stay in the Game: Mitigate & Remediate
Across all sectors, on average 83% of organisations had secured cyber insurance against ransomware. In comparison, only 78% of lower education and higher education organisations have coverage. In other words, it is more expensive to get insured in the education sector. This mainly stems from low cyber security budgets relative to the amount of data that needs to be protected; as a result, premiums go up.
The resulting insurance coverage gap is leaving many education organisations exposed to the full cost of an attack, increasing the overall ransomware remediation costs. As insurance coverage becomes more challenging to secure, education is improving its cyber defences to improve its cyber insurance position.
At Mitigate Cyber, we can offer solutions to put institutions on the right path to avoiding ransomware entirely or minimising its impact. Some of these may include: