Insights into ransomware attacks, payments, and cyber insurance - Read The State of Ransomware in Education  2022

Jessicas Social Media Template-jpg

VLCM valued cybersecurity partner Sophos recently released The State of Ransomware in Education 2022, an insightful report based on a Sophos annual study of the real-world ransomware experiences of people working at the IT frontline. In all, 730 education IT professionals working in mid-sized companies (100-5,000 employees) across 31 countries participated in the research this year.

The study reveals the ransomware attack rates, recovery costs, and cyber insurance coverage levels in the education sector. Given the wide range of organizations in the education sector, the report provides separate data points for lower (under 18 years) and higher education (18 years +).

Here are some key findings from the report:

  • Ransomware attacks on education have increased – 56% in lower education and 64% in higher education were hit in 2021, up from 44% in education who were hit in 2020
  • The increase in attacks is part of a global, cross-sector trend. Even though the education attack rates are high compared to 2020 they are below the cross-sector average
  • Education is the sector least able to stop data being encrypted in an attack – higher education reported the highest data encryption rate of all sectors at 74%, with lower education only a little behind at 72%
  • 45% of lower education and 50% of higher education organizations paid the ransom to get the encrypted data back compared with the global average of 46%
  • The percentage of data recovered by education organizations after paying the ransom is in line with the global average of 61%: lower education at 62% and higher education at 61%. However, only 2% of education organizations that paid the ransom got ALL their data back after paying the ransom
  • The ransomware recovery bill is very high – lower education spent US$1.58M and higher education spent US$1.42M to rectify ransomware attacks compared with the global average of US$1.40M
  • Education is slow to recover from ransomware attacks – higher education reported the slowest ransomware recovery time across all sectors with 9% of respondents reporting a recovery period of 3-6 months, more than double the global average of 4%
  • Education has below average cyber insurance coverage rates – only 78% of education organizations have cyber insurance coverage against ransomware compared with the global average of 83%
  • Cyber insurance is driving better cyber defenses – 95% of lower education and 96% of higher education organizations with cyber insurance have upgraded their cyber defenses to improve their cyber insurance position
  • Cyber insurance almost always pays out – in the event of a ransomware attack, lower education reported a 99% payout rate and higher education a 100% payout rate

The growing rate of ransomware attacks in education reflects the success of the ransomware-as-a-service model, which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack. Most education organizations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims.

However, it is getting harder for education to get coverage, likely because of the high rate of ransomware incidents in this sector. The subsequent insurance coverage gap is leaving many education organizations exposed to the full cost of an attack, increasing the overall ransomware remediation costs . As insurance coverage becomes more challenging to secure, education is improving its cyber defenses to improve its cyber insurance position.

Read the full report: The State of Ransomware in Education 2022