Data from a survey of 600 schools around the world show differences in the way they responded to ransomware attacks/demands

Based on a Jan/Feb 2024 survey of 600 respondents representing the education^ industry in 14 countries, on their 2023 cyber incident experiences, some findings were disclosed.

First, in terms of ransomware incidents, the attack rate was 63% for respondents from the Lower Education sector, and 66% for those from the Higher Education sector: down 80% and 79% from the data from a previous year’s survey. The leading root cause of attack was vulnerability exploitation that had provided cybercriminals with a way into the network for 44% (Lower Education), and 42% (Higher Education) of the ransomware attacks.

Second, 95% of respondents in the industry had indicated that cybercriminals had tried to compromise data backups during the ransomware attack, with 71% being successful. With that, encryption was cited as successful by 85% of respondents from Lower Education, and 77% from those from Higher Education. This was slightly up from the 81% and 73%, respectively, reported in a similar 2023 survey.

Other findings

Third, in terms of recovery time, 30% of respondents that had cited having been involved in ransomware incidents (from both the lower- and higher- education sectors) indicated there were able to fully recover in a week or less, down from a 2023 survey’s figure of 33% (lower education) and 40% (higher education). Also:

  • Overall, the top root causes of ransomware attacks in the Lower Education sector were cited as: exploited vulnerability, malicious emails, compromised credentials. In the Higher Education sector, the top root causes were cited as exploited vulnerability, compromised credentials, malicious emails.
  • In terms of ransom demands, the median value was US$6.6m in Lower Education and US$4.4m in the Higher Education sector, as cited by the relevant respondents. Of those opting to pay, 55% of respondents from Lower Education and 67% from the Higher Education sector indicated that their organization had paid more than what had been initially demanded by attackers, after negotiations. Conversely, 32% of respondents from Lower Education and 20% of those from Higher Education had cited paying less, after negotiations than the original demand.
  • 64% of respondents from Lower Education, and 66% of those from Higher Education had cited benefiting from advice from law enforcement and/or official government bodies about dealing with their cyber experience: 61% cited receiving support in investigating the attack.

The 2024/2023 surveys mentioned above were commissioned by Sophos. For the more recent survey, the conclusion from the data was that the attack rate for the education industries in the sample populations had dropped by an average of 13.5%, while the cost of recovering (excluding any ransoms paid) from an attack (downtime, people time, device costs, network recovery costs, opportunity costs, etc.) had tripled.

*located in the Americas, Europe, the Middle East and Africa, and parts of the Asia Pacific region, and equally split into institutions for lower education (catering to students up to 18 years old) and those offering higher education (for students over 18 years). All respondents represented organizations with between 100 and 5,000 employees.