
Key points:
Education reported the highest rate of ransomware attacks in 2022, and over the past year, 79 percent of higher-ed organizations surveyed reported being hit by ransomware, while 80 percent of K-12 organizations surveyed were targeted—an increase from 64 percent and 56 percent in 2021, respectively.
These statistics come from The State of Ransomware in Education 2023, a report from cybersecurity provider Sophos.
Additionally, the education sector reported one of the highest rates of ransom payments, with more than half (56 percent) of higher-ed organizations paying and nearly half (47 percent) of K-12 educational organizations paying the ransom. However, paying the ransom significantly increased recovery costs for both higher-ed and K-12 educational organizations. For higher-ed organizations, recovery costs (excluding any ransoms paid) were $1.31 million when paying the ransom versus $980,000 when using backups. For K-12 educational organizations, the average recovery costs were $2.18 million when paying the ransom versus $1.37 million when not paying.
Paying the ransom also lengthened recovery times for victims. For higher-ed organizations, 79 percent of those that used backups recovered within a month, while only 63 percent of those that paid the ransom recovered within the same timeframe. For K-12 educational organizations, 63 percent of those that used backups recovered within a month versus just 59 percent of those that paid the ransom.