Education Sector Was The Hardest Hit By Ransomware In 2020 According To New Sophos Research

“The education sector has long been an attractive target for cyber-attackers” - Chester Wisniewski, a principal research scientist at Sophos.

Sophos recently published the ‘Sophos State of Ransomware in Education 2021,’ which looks at the extent and impact of ransomware attacks on educational institutions worldwide during 2020. 

In the wake of headline-grabbing ransomware attacks impacting education, including the REvil ransomware attack on Kaseya that hit schools in New Zealand, and recent alerts from the FBI and the UK’s National Cyber Security Centre warning of spikes in ransomware attacks targeting schools, the research findings confirm the particular vulnerability of educational institutions to this relentless cyberthreat.

The Sophos State of Ransomware in Education 2021 survey polled 5,400 IT decision-makers, including 499 education IT managers, in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

If you’d like to speak to one of our experts about the impact of ransomware on education and what defenders can do to enhance security, or about ransomware in general, please get in touch.

The main research findings include:

  • Education, together with retail, faced the highest level of ransomware attacks during 2020, with 44 per cent of organizations hit (compared to 37 per cent across all industry sectors) 
  • For educational institutions, the financial impact of a ransomware attack in 2020 was crippling. The total bill for rectifying a ransomware attack in the education sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was, on average, US$2.73 million – the highest across all sectors surveyed, and 48 per cent above the global average
  • Over half (58 per cent) of the education organizations hit by ransomware said the attackers had succeeded in encrypting their data 
  • Over a third (35 per cent) of those with encrypted data gave in to the attackers’ demands and paid the ransom. Only the energy, oil/gas and utilities (43 per cent), and local government (42 per cent) sectors were more likely to pay
  • The average ransom payment was US$112,435 (lower than the global average of US$170,404) 
  • However, those who paid recovered on average only around two-thirds (68 per cent) of their data, leaving almost a third inaccessible; and just 11 per cent got all their encrypted data back
  • Of those institutions that were not hit with ransomware last year (55 per cent of respondents), the majority (61 per cent) expect to be targeted in the future. The main reasons given for this are that cyberattacks are now so sophisticated (46 per cent) and prevalent (42 per cent) that they are almost impossible to stop
