Report: Ransomware Costs Schools Nearly $550,000 per Day of Downtime
New data from cybersecurity research firm Comparitech quantifies the damage caused by ransomware attacks on K-12 and higher education institutions.
Since 2018, the company has clocked nearly 500 separate ransomware attacks aimed at schools and universities in the United States, affecting the data of over 6.7 million individuals.
It found the average ransomware demand is $1.4 million, though the average ransomware payment is leagues smaller, less than $170,000.
On average, each of these ransomware attacks caused nearly 11 days of downtime, with each missed day costing schools nearly $550,000.
All told, according to Comparitech's data, ransomware has cost the U.S. education system over $2.5 billion since 2018.
The ransomware landscape was particularly rough in 2023, which had a record-breaking 121 attacks. However, 2024 — at least, so far — has provided a slight reprieve. The rate of attacks this year has considerably slowed, and both the duration and cost of downtime have seen a noticeable decline.
"Hackers often target schools in the latter part of the year, so it's possible we will see an uptick in ransomware attacks on educational institutions for 2024, but it's unlikely the figures will reach 2023's high," Comparitech said in a post detailing its findings.
However, the company warned that attackers seem to be more discerning, increasingly going for institutions with bigger budgets and larger troves of student data. With attacks becoming more sophisticated and targeted, Comparitech urged readiness.
"With the threat of ransomware attacks across the U.S. and worldwide remaining high across all industries, it's never been more important to ensure employees are clued up, systems are updated, and frequent backups are being carried out," the company said.