Ransomware attacks have recently expanded beyond the boardroom, targeting a sector that shapes our future: education.
Alarmingly, nearly two-thirds of education facilities reported cyberattacks in 2024, with mean ransom payment amounts reaching the millions.
Both K-12 schools (lower education) and universities (higher education) store mountains of valuable data, including personally identifiable information (PII), making the education sector a prime target for threat actors.
Many schools and universities struggle to secure funding and staff for security measures, making them more susceptible to cyberattacks.
To highlight the role and impact of cybersecurity in the education industry, we’ve compiled the most important stats and trends to help institutions keep their sensitive data safe and secure.
Overarching education cybersecurity statistics
The education sector is an attractive target for threat actors. Schools and universities hold vast amounts of data and cyberattacks appear to have grown steadily over the past several years.
CBS News reports that from January 2023 through June 2024, at least 83 potential ransomware attacks on school districts were disclosed, with at least 21 of these attacks taking place in the first half of this year.
- Education was the second most likely sector to have backups successfully compromised during attacks in 2024, at 71%. (Sophos)
- More than 2,600 organizations — including many in the education sector — were affected by the MOVEit hack, with an estimated total cost of around $15 billion. (Emsisoft)
- About 40 million subscribers were impacted by an April 2018 Chegg breach and over 5.1 million .edu email addresses were exposed. (BlueVoyant)
- The average cost of a data breach in 2023 in the education sector was $3.65M. (IBM)
- An attack on Minneapolis Public Schools resulted in nearly 200,000 stolen files posted online, including extremely sensitive information. (Emsisoft)
K-12 cybersecurity statistics
According to CISA, adversaries target the K-12 education system mainly because they maintain extensive personal and financial data about students, teachers, school staff, and records. Yet, most educational districts lack the resources to implement a comprehensive cybersecurity program.
Many schools across the nation are designated “target rich, cyber poor” in that they are frequent targets for ransomware and other cyberattacks due to the extensive data kept on school networks, often without the proper protection.
For K-12 schools, cyber incidents are so prevalent that, on average, there is more than one incident per school day.
- The amount of K-12 school districts directly impacted by ransomware attacks more than doubled from 2022 to 2023. (Emsisoft)
- Only 63% of lower education facilities reported an attack in 2024, down from 80% in 2023. (Sophos)
- Lower education facilities had the highest individual rate of attack of any industry in 2023 at 80%. (Sophos)
- Lower education paid a mean ransom amount of $7.46M, the highest of any sector in 2024. (Sophos)
- Lower education paid an average of 115% of the initial ask of ransom demands, the second highest of any sector in 2024. (Sophos)
- In lower education, 95% of adversaries attempted to compromise backups during attacks in 2024. (Sophos)
- Lower education reported data theft in an attack only 22% of the time, the second least of any sector in 2024. (Sophos)
- Lower education reported 52% of computers were impacted by ransomware in 2024. (Sophos)
- Lower education facilities saw their data encrypted in 85% of attacks in 2024. (Sophos)
- Over 90% of ransomware attacks on lower education in 2024 were due to an exploited vulnerability, compromised credentials, or a malicious email. (Sophos)
Higher education cybersecurity statistics
While higher-ed institutions are more prepared for cyberattacks than in previous years, experts say it may not be enough.
Cybersecurity is still a substantial concern for administrators and universities. We rounded up the top higher-ed cybersecurity statistics below.
- In the past four years, 1,681 higher education facilities have been affected by 84 ransomware attacks. (Emsisoft)
- Only 66% of higher education facilities reported an attack in 2024, down from 79% in 2023. (Sophos)
- Higher education facilities had the second highest individual rate of attack of any industry in 2023 at 79%. (Sophos)
- Higher education paid a mean ransom amount of $5.85M, the third highest of any sector in 2024. (Sophos)
- Higher education paid more than the original demand 67% of the time, more than any other sector in 2024. (Sophos)
- Higher education paid less than the original demand 20% of the time, less than any other sector in 2024. (Sophos)
- Higher education paid an average of 122% of the initial ask of ransom demands, the highest of any sector in 2024. (Sophos)
- Of the higher-ed institutions that reported ransomware attacks, 59% said it resulted in them losing “a lot of” business and revenue. Around one-fourth, 28%, reported smaller losses. (Sophos)
- Higher education reported data theft in an attack only 18% of the time, the least of any sector in 2024. (Sophos)
- Higher education reported 50% of computers were impacted by ransomware in 2024. (Sophos)
- Higher education facilities saw their data encrypted in 77% of attacks in 2024. (Sophos)
- In higher education, 95% of adversaries attempted to compromise backups during attacks in 2024. (Sophos)
- Over 85% of ransomware attacks on higher education in 2024 were due to an exploited vulnerability, compromised credentials, or a malicious email. (Sophos)
- Over 65% of universities lack basic email security configurations. (BlueVoyant)
- Over 35% of universities had unsecured or open database ports. (BlueVoyant)
- A study found there are an average of 10,000 brute-force attacks on higher education institutions per week. (BlueVoyant)
General cybersecurity FAQs
Below are some of the most frequently asked questions about cybersecurity, with answers supported by statistics and facts.
Q: Why should I care about cybersecurity?
A: Our world runs on data, and the integrity of our systems relies on strong cybersecurity measures to protect them. Weak cybersecurity measures can have a massive impact, but strong tactics can keep your data safe.
Q: What are the types of cyberattacks?
A: The most common cyberattack methods include phishing and spear-phishing, rootkit, SQL injection attacks, DDoS attacks, and malware such as Trojan horses, adware, and spyware.
Q: How many cybersecurity attacks are there per day?
A: On average, hackers attack 26,000 times a day. (Forbes)
Q: How frequent are cyberattacks?
A: Hackers attack every three seconds. (Forbes)
Regardless of industry, it’s important to prioritize cybersecurity at your organization.
Learn how a robust data security solution can help you with more resources on our blog.
![157-cybersecurity-statistics-and-trends-[updated-2024]](https://info.varonis.com/hubfs/Blog_GeneralSecurity_Var1_202405_FNL.png)
![157-cybersecurity-statistics-and-trends-[updated-2024]](https://info.varonis.com/hubfs/rob-sobers.jpg)
