New research highlights the need for ongoing concern for the UK education sector’s cybersecurity posture in the light of a growing threat landscape.
New research highlights crucial cybersecurity gaps in education sector
ESET’s findings reveal that nearly three-quarters (73%) of institutions surveyed have experienced at least one cyberattack or breach in the past five years, with a fifth reporting three or more incidents.
This aligns with government data from 2024, which found that 77% of education organisations had experienced a breach or attack in the previous year – far higher than the 50% of UK businesses overall that had been targeted.
Despite being a key target for cyberthreats, one-third of education institutions surveyed still lack fundamental protections, such as antivirus software (33%) and strong password policies (35%). Additionally, the majority (79%) have not adopted advanced measures like managed detection and response.
Another key but often overlooked safeguard is cyberinsurance, which, according to government data, under half of primary schools (44%) and even fewer secondary schools (36%) report having in place. In fact, the ESET findings reveal that 7% of institutions operate without an annual cybersecurity budget at all.
This cybersecurity shortfall not only jeopardises organisational data but puts sensitive student information at risk.
Top threats persist
These revelations all come at a time when education organisations continue to battle familiar foes, with data breaches (61%), malware (55%) and phishing (43%) topping their list of concerns. While three-quarters (76%) of education organisations surveyed believe their staff have excellent or good knowledge and awareness of cybersecurity best practices and online safety, over half still plan to prioritise increasing staff awareness and training and expanding their cybersecurity tools or software over the next 12 months (55% and 51% respectively).
The case for managed support
Over three-quarters (77%) believe their institutions would benefit from enhanced cybersecurity measures with managed support from an external, specialist cybersecurity provider.
However, nearly half (47%) of education organisations surveyed said they would need evidence of a cyberattack’s potential detrimental and financial impact on their institution to help convince their finance department to approve a larger cybersecurity budget.
Jake Moore, Global Cybersecurity Advisor at ESET, said: “Education organisations are sitting on a ticking time bomb. While it’s clear that the sector recognises the critical importance of cybersecurity, there is a huge disconnect between budget allocation, lack of insurance and its misconceptions, and inadequate measures, which is leaving institutions highly vulnerable.”
As cybercriminals increasingly target educational institutions, students’ personal and academic data remain highly vulnerable to theft or misuse. Compounding the issue, one in five (21%) education organisations surveyed admit they feel unprepared or not confident to tackle the rising tide of AI-driven cyberthreats.
When asked about the main reasons why they wouldn’t take out a cyberinsurance policy, many stated that they prefer to prioritise the budgets they have for cybersecurity measures (37%). Others cited concerns about payout reliability (33%) and complex or unclear policy terms (32%). Meanwhile, 28% believe cyberinsurance is too expensive, while 18% revealed they simply don’t understand its value.
www.intelligentciso.com