Report by KnowBe4
From Primary Schools to Universities, The Global Education Sector is Unprepared for Escalating Cyber Attacks
Key Findings
In higher education specifically, ransomware attacks were up 70% over 2022.
Check Point Research placed the average number of weekly cyberattacks on educational institutions at 3,574 in 2024, a 75% increase from the previous year.
The median time for users to fall for phishing emails is less than 60 seconds.
For large organisations, the average Phish Prone Percentage (PPP) after one year of sustained training dropped to 4.9%.
More than 20% of users identified and reported phishing per engagement, including 11% of the users who did click the email.
After 90 days of training and simulated phishing tests, the Phish Prone Percentages (PPPs) for the education sector reduced to 19%, 19.4%, and 18% respectively for small, medium, and large organisations.
In 2023, Trustwave researchers monitored 352 ransomware claims against educational institutions.
After one year or more of sustained training, the average Phish Prone Percentage (PPP) for small institutions dropped dramatically to 3.9%.
For medium-sized organisations, the average Phish Prone Percentage (PPP) after one year of sustained training dropped to 5.2%.
KnowBe4's 2024 Phishing by Industry Benchmarking Report found that in the education sector specifically, the baseline PPP (Phish Prone Percentage) for small organisations (1-249 employees) was 33.4%.
Microsoft Threat Intelligence blocked more than 15,000 quishing (QR Code Phishing) emails per day to the education sector over the past year.
A hacker breached Mobile Guardian in August 2024 and remotely wiped data from at least 13,000 students’ iPads and Chromebooks.
According to the United Kingdom’s Department of Science Innovation and Technology 2024 Cybersecurity Breaches Survey, 43% of higher education institutions in the UK reported experiencing a breach or cyberattack at least once a week.
HTML attachments make up 82% of malicious email attachments in the education sector.
According to the Malwarebytes report, 43% of all ransomware attacks in education in 2023 targeted higher education and 36% of attacks targeted K-12.
Of confirmed data breaches examined by Verizon, 1,780 incidents (17%) were attacks against the education system, with 1,537 (14%) confirmed data disclosure.
The Toronto District School Board data breach in September 2024 compromised data from 235,000 students across 582 schools.
The Highline Public School district has over 2,000 staff members and 17,500 students across 34 schools. All 34 schools were closed due to a ransomware attack.
The median time to click on a malicious link after the email is opened is 21 seconds.
It takes only another 28 seconds to enter the data after clicking a malicious link.
For education institutions with 250-999 employees, the baseline Phish Prone Percentage (PPP) was 31.2%.
For large educational institutions with more than 1,000 employees, the baseline Phish Prone Percentage (PPP) was 31.7%.
The Iranian Mabna Institute conducted intrusions into the computing systems of at least 144 United States universities and 176 universities in 21 other countries in 2023.
Some schools endure over 2,500 attempted cyberattacks a day.
In 2023, there was a staggering 105% increase in known ransomware attacks against K–12 and higher education, surging from 129 attacks in 2022 to 265 in 2023.