Sophos’s new report, The State of Ransomware in Education, reveals the extent and impact of ransomware attacks on the education sector worldwide during 2020.
Based on an independent survey of 499 IT decision makers, it provides a deep dive into the ransomware reality from the people at the front line.
Education faced the highest level of attacks in 2020
2020 was a tough year for the education sector which, together with retail, faced the highest level of ransomware attacks with 44% of organizations hit (compared to 37% across all industry sectors). What’s more, over half (58%) of the education organizations hit by ransomware said the attackers had succeeded in encrypting their data.
At the same time, the rapid shift from classroom to online learning in many countries piled additional work and pressures on IT teams: nearly three quarters (74%) of respondents said cybersecurity workloads increased.
Paying the ransom doesn’t pay off
Over a third (35%) of education organizations whose data was encrypted paid the ransom to get their data back. This is the third-highest level of ransom payment seen, with only the energy, oil/gas and utilities, and local government sectors more likely to pay.
When it comes to the ransom itself, the average payment in the education sector was US$112,435. This is considerably lower than the global average of US$170,404, perhaps reflecting the budget limitations facing many educational bodies.
However, paying up didn’t pay off. On average, only 68% of the data was recovered after paying the ransom, leaving almost a third inaccessible, while just 11% of those that paid got all their encrypted data back.
Education recovery costs are 48% above average
The survey revealed that the education sector faced the highest overall bill to recover from a ransomware attack of all industries surveyed. Considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, the total cost was, on average, US$2.73 million – 48% above the global average.
This high bill is likely due to many education organizations running outdated and fragmented IT infrastructures supported by understaffed IT teams. As a result, in the wake of an attack they are often forced to totally rebuild from the ground up, incurring major financial cost.
It’s also worth noting that the average ransom payment is less than 5% of the overall ransomware recovery cost.
Read the full report
Read the full report, The State of Ransomware in Education 2021, to learn more about the experiences and challenges facing the education sector, and to dive deeper into the numbers behind the headlines.