The State of Ransomware in Education 2021

Based on an independent survey of 499 IT decision makers, this report shares new insights into the state of ransomware in the education sector. It provides a deep dive into the prevalence of ransomware in education, the impact of the attacks, the cost of ransomware remediation, and the proportion of data that education organizations could recover after an attack. The survey also reveals how education stacks up with other sectors, as well as the future expectations and readiness of education organizations in the face of these attacks.

Key findings in Education

• 44% of organizations were hit by ransomware in the last year
• 58% of organizations hit by ransomware said the cybercriminals succeeded in encrypting their data in the most significant attack
• 35% of those whose data was encrypted paid the ransom to gettheir data back in the most significant ransomware attack
• The average ransom payment was US$112,435
• However, those who paid the ransom got back just 68% of their data on average, leaving almost a third of the data inaccessible
• The total bill for rectifying a ransomware attack in the education sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, and more, was, on average, US$2.73 million – the highest across all sectors surveyed
• 55% of those whose data was encrypted used backups to restore data
• 90% of educational organizations have a malware incident recovery plan

2020 was a tough year for education, with the sector experiencing the highest level of ransomware attacks of all industries (tied with retail). At the same time, the rapid shift from classroom to online learning in many countries piled additional work and pressures on IT teams: nearly three quarters (74%) of respondents said cybersecurity workloads increased over 2020, the second highest rate of all sectors.

In the face of these challenges, many education organizations that were hit by ransomware paid the ransom to get their data back. In fact, the education sector has the third-highest rate of ransom payment (35%), behind energy, oil/gas and utilities (43%), and local governments (42%). However, those who paid on average only got back 68% of their data, leaving almost a third inaccessible, and just 11% got all their encrypted data back. In other words, paying the ransom doesn’t really pay off!

The overall financial impact of ransomware is crippling for education organizations. The average bill for recovering from a ransomware attack is US$2.73 million, the highest by far of all sectors and 48% above the global average. This is likely due to many education organizations running outdated and fragmented IT infrastructures supported by understaffed IT teams. As a result, in the wake of an attack they are often forced to totally rebuild from the ground up, incurring major financial cost.

Education organizations should prioritize strengthening their defenses against ransomware. Investing in modern infrastructure, together with cybersecurity technology and skills, will considerably reduce both the overall cost and impact of ransomware.