- The education sector is a top target for cyber attacks, the ESET report claims
- Many organizations do not have antivirus software
- Budget constraints are the main reason for poor cyber security
As the world continues to become more digitally dependent, the threat of cyberattacks is ever-present – amd healthcare and education are often prime targets for cybercriminals.
Following recent research revealing that half of UK higher education institutions experience a cyber attack every week, a new study by ESET has found that there is a major cyber security gap in the education sector which is exacerbating this problem.
Despite a fifth of UK education organizations suffering three or more cyber attacks or data breaches in the last five years, many schools lack even basic protection against cyber threats.
Cyber insurance
ESET’s survey found that a third of educational institutions lack protections such as anti-virus software and strong password policies, which are considered the bare minimum first line of defense against cyber threats. On top of this, the vast majority (79%) have also not adopted advanced measures such as managed detection and response.
Another safeguard is regularly overlooked, the research shows, and that is cyber insurance. Despite the regular attacks, only 44% of elementary schools and only 36% of high schools report having a cyber insurance plan in place.
Every public servant is familiar with budget cuts, and this has left some schools (7%) operating without an annual cyber security budget at all. When asked why they do not have cyber insurance, the top answer is budget prioritization (37%), as well as insurance being too expensive (28%).
Institutions trust their staff, with 76% believing their staff have at least a good knowledge and awareness of cyber security best practices, but almost half (47%) say they would have to prove “potentially harmful and financial impact” for the institution to help convince their finance department to approve a larger budget.
“Education organizations are sitting on a ticking time bomb,” said Jake Moore, Global Cybersecurity Advisor at ESET.
“While it is clear that the sector recognizes the critical importance of cyber security, there is a huge disconnect between budget allocation, lack of assurance and its misunderstandings and inadequate measures, leaving institutions very vulnerable.”
