3 in 4 Education Institutions Have Uncovered a Cyber Attack on Their Infrastructure in the Past Year

Seventy-seven percent of institutions across K-12 and higher education have identified a cyber attack on their infrastructure within the past 12 months, according to a new survey from cybersecurity company Netwrix. That represents a significant increase from 2023, when 69% of education organizations reported the same.

For its 2024 Hybrid Security Trends Report, Netwrix surveyed 1,309 IT and security professionals from a variety of industry sectors in 104 countries, to find out about their IT infrastructure, security challenges, and more. Education-specific survey results were released in a separate report, "Additional Findings for the Education Sector."

The most common attack vectors in education were phishing, user account compromise, and ransomware or other malware, the report found. Of the institutions that experienced a security incident, 47% reported facing unplanned expenses to fix security gaps, while 42% said they experienced no impact. Other cyber attack consequences included compliance fines (cited by 14% of respondents), change in senior leadership (11%), loss of competitive edge (11%), and lawsuits (10%).

Respondents were also asked about their biggest data security challenges. Fifty-one percent pointed to a lack of budget for data security initiatives; 47% said mistakes or negligence by business users; and 45% said an understaffed IT/security team.

"While educational institutions may have the same complexity as large organizations, they typically lack matching budgets and resources to deal with their dynamic environments," commented Ilia Sotnikov, security strategist at Netwrix, in the report. "It is crucial for the IT security teams in the education sector to have processes and tools in place to govern the identities, audit their activity, and monitor for any abnormal or malicious behavior."

For the full report, visit the Netwrix site here.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • Ativion StudentKeeper

    New Platform Combines Content Filtering, Classroom Management, Device Management Tools

    Ed tech, remote access, and cybersecurity solution provider Ativion has introduced StudentKeeper, an all-in-one platform that encompasses digital safety management, filtering, and reporting tools for supporting and protecting students.

  • school building protected by a glowing blue shield with circuit patterns, blocking red-orange cyber threat icons

    Establishing a Proactive Defense Against Evolving Cyber Threats

    Here are six good starting points for K-12 districts that want to improve their cybersecurity mitigation strategies and take a more proactive approach to mitigating risk.

  • SXSW EDU

    SXSW EDU 2025: Where K-12 Meets the Future of Education

    Join education's most passionate community this March 3-6, 2025 at a special 15th-annual SXSW EDU Conference & Festival in Austin, Texas.

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.