Education sector improving on ransomware, but IT teams are stressed, report shows

A report published Wednesday by the cybersecurity firm Sophos shows that the education sector is making “measurable progress” in defending against ransomware, but that the IT teams fighting against such attacks are facing stress, burnout and career disruptions.
The study looked at 441 cybersecurity and IT leaders working in K-12 and higher education, finding that institutions are stopping more attacks, paying less in ransoms on average, and paying less to recover from attacks. According to the report, K-12 and higher education institutions reported their highest success rate in four years — 67% and 38% of attacks, respectively, were blocked before files could be encrypted.
Over the past year, ransom demands fell 73%, an average drop of $2.83 million, while average payments dropped from $6 million to $800,000 in K-12, and went from $4 million to $463,000 in higher education.
“Ransomware attacks in education don’t just disrupt classrooms, they disrupt communities of students, families, and educators,” Alexandra Rose, Director, CTU threat research at Sophos, said in a press release. “While it’s encouraging to see schools strengthening their ability to respond, the real priority must be preventing these attacks in the first place. That requires strong planning and close collaboration with trusted partners, especially as adversaries adopt new tactics, including AI-driven threats.”
The report also notes that institutions need to relieve the burden on staff, who often report being overworked. “Schools can reduce pressure and extend their capabilities by partnering with trusted providers for managed detection and response (MDR) and other around-the-clock expertise,” reads a press release about the report. Researchers also recommend that colleges focus on prevention, secure more funding for cyber and unify their strategies in an attempt to maintain the positive trends seen over the last year.