- The education sector got hit with even more ransomware attacks in 2021, impacting almost two-thirds of higher education organizations, Sophos concluded in a new survey.
- Ransomware attacks hit more than half of the lower-education organizations surveyed and almost two-thirds of higher education institutions.
- This marks a jump from the 44% of respondents combined across lower and higher education that reported ransomware attacks in 2020, but it’s consistent with an upward trend in ransomware attacks across all sectors.
It’s not uncommon for ransomware to target schools, but the financial and operational impacts are an anomaly. Schools and universities are disproportionately jolted by ransomware attacks compared to organizations in other industries, according to Sophos.
Across all industries, colleges and universities are the most affected — 97% of higher education respondents said ransomware attacks impacted their ability to operate.
Lincoln College, a private school founded in 1865 in rural Illinois, stands out as a particularly worrying example. Declining enrollment and large investments in technology hampered the college’s finances early in the pandemic.
Then a ransomware attack hit the college in December 2021, rendering its systems for admissions, recruitment and retention non-operational. Lincoln College never recovered and the school closed in May.
IT professionals in higher education also report the slowest recovery times from ransomware attacks. Colleges and universities, on average, take twice as long as organizations in other industries to recover — 40% took over a month, 31% took one to three months and 9% recovered from a ransomware attack in a three-to-six month period, according to Sophos.
The cost of remediation is another outlier. Higher education organizations reported an average remediation cost of $1.42 million per ransomware attack and lower education organizations reported a cost of $1.58 million.
The global average cost to remediate a ransomware attack is $1.4 million, Sophos said.
The survey was commissioned by Sophos and conducted by research firm Vanson Bourne in January and February 2022. It included responses from 730 IT professionals in the education sector.