Many schools still don’t have basic cybersecurity measures, research reveals

• The education sector is a top target for cyberattacks, ESET report claims
• Many organizations don't have antivirus software
• Budget constrictions are the top reason for poor cybersecurity

As the world continues to become more digitally dependent, the threat of cyberattacks is always - amd healthcare and education are often the top targets for cybercriminals.

Following recent research revealing half of UK higher education institutions experiencing a cyber attack every week, a new study by ESET has found there’s a major cybersecurity gap in the education sector which is compounding this problem.

Despite a fifth of education organizations in the UK suffering three or more cyberattacks or data breaches in the last five years, many schools lack even basic protections against cyber threats.

Cyber insurance

ESET's study found a third of educational institutions lack protections like antivirus software and strong password policies, which are regarded as the bare minimum first line of defence against cyber threats. On top of this, the vast majority (79%), have not adopted advanced measures like managed detection and response either.

Another safeguard is regularly overlooked, the research shows, and that’s cyber insurance. Despite the regular attacks, only 44% of primary schools and just 36% of secondary schools report having a cyber insurance plan in place.

Every public sector worker is familiar with budget cuts, and this has left some schools (7%) to operate without an annual cybersecurity budget at all. When asked why they don’t have a cyber insurance policy, the top response is budget prioritization (37%), as well as the policies being too expensive (28%).

Institutions are confident in their staff, with 76% believing their staff have at least a good knowledge and awareness of cybersecurity best practices, but nearly half (47%) say that they would need to prove ‘potential detrimental and financial impact’ to the institution to help convince their finance department in order to approve a larger budget.

“Education organisations are sitting on a ticking time bomb,” said Jake Moore, Global Cybersecurity Advisor at ESET.

“While it’s clear that the sector recognises the critical importance of cybersecurity, there is a huge disconnect between budget allocation, lack of insurance and its misconceptions, and inadequate measures, which is leaving institutions highly vulnerable.”

You might also like

• Take a look at our pick of the best firewall protection around
• Interlock ransomware attacks highlight need for greater security standards on critical infrastructure
• Check out our choices for best antivirus software