The education sector suffers from the highest data encryption rate and the longest recovery time worldwide.
Sophos’ The State of Ransomware in Education 2022 study results show that 60 percent of educational institutions worldwide were targets of attacks in 2021. 7 percent of those attacked took three to six months to recover data. Under 2 percent of educational institutions were able to recover all encrypted data after paying a ransom. While about 40 percent of all educational institutions said it took about a month to recover data affected by a ransomware attack, it took three to six months for 9 percent.
Treasure trove of personal data with little protection
“Schools are among the preferred targets for attackers because they lack strong security measures and are a treasure trove of personal data,” said Chester Wisniewski, principal research scientist at Sophos. “Educational institutions are less likely than others to detect attacks in progress, which naturally leads to higher attack success and encryption rates. Even if some data is recovered, there’s no guarantee what data the attackers will return.”
After all, all colleges and 99 percent of other educational institutions have had the damage paid for by their cyber insurance companies. Whereas 78 percent of the schools were insured against ransomware attacks. However, providers of cyber insurance are becoming more selective in accepting customers, Wisniewski says, and educational institutions need help to meet the higher standards required by insurers.