SolarWinds Public Sector Cybersecurity Survey: External Threats Growing Faster Than Response Capabilities

In its seventh annual Public Sector Cybersecurity Survey Report released this morning, SolarWinds found that a majority of education organizations surveyed have not improved their cybersecurity detection or resolution capabilities — even as attacks against schools have skyrocketed during the pandemic.

Cybersecurity experts and the U.S. Department of Education have warned in recent months of the marked increase in cyberattacks on schools and universities, and the K–12 Cybersecurity Act of 2021, signed into law in October, directs the Cybersecurity and Infrastructure Security Agency to identify risks and provide resources for schools to better protect their IT security. According to Government Computer News, from Aug. 14 to Sept. 12, 2021, educational organizations were the target of over 5.8 million malware attacks, or 63% of all such attacks.

This year’s SolarWinds cybersecurity survey includes responses from 400 IT operations and security decision-makers, including 200 federal, 100 state and local, and 100 education respondents, SolarWinds said.

“This year’s results demonstrate that while IT security threats have increased — primarily from the general hacking community and foreign governments — the ability to detect and remediate such threats has not increased at the same rate, leaving public sector organizations vulnerable,” said Brandon Shopp, SolarWinds group vice president for product strategy. “But the data also shows an increased awareness and adoption of zero trust, as well as a commitment to invest in IT solutions and adopt cybersecurity best practices outlined in the Administration’s Cybersecurity Executive Order. It’s through these steps that public sector organizations can enhance their cybersecurity posture and fight the rising tide of external threats.”

Key findings in the education sector from the 2021 survey:

  • Careless/untrained insiders (53%) are the largest source of security threats at education institutions, followed by the general hacking community (49%) and foreign governments (25%).
    • Although 56% of all public sector respondents stated that threats posed by foreign governments have increased since 2020, only 25% of education respondents reported foreign governments as a threat.
  • When asked about specific types of security breaches, the public sector’s level of concern over ransomware (66%), malware (65%), and phishing (63%) has increased the most over the last year.
  • Lack of training (40%), low budgets and resources (37%), and the expanded perimeter (32%) as a result of increased remote work continue to plague public sector security pros.
    • Education respondents are the most likely to struggle to identify the root cause of security issues, hampering their ability to both detect and remediate such threats.
    • About 60% of respondents noted both the time to detection and time to resolution remained the same or worsened between 2020 and 2021.
  • Public sector respondents suggest improving investigative and remediation capabilities, as well as reducing barriers to sharing threat information between public and private sectors, as the top priorities for compliance with the Cybersecurity Executive Order.
    • Among state, local, and education organizations, 88% are likely to adopt cybersecurity best practices and activities from the Cybersecurity Executive Order, including almost 100% of respondents from K-12 schools and 84% of higher ed institutions.

Find the full survey report at SolarWinds’ website.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • handshake between two individuals with AI icons (brain, chip, network, robot) in the background

    Microsoft, Amazon Announce New Commitments in Support of Presidential AI Challenge

    At the Sept. 4 meeting of the White House Task Force on Artificial Intelligence Education, Microsoft and Amazon announced new commitments to expanding AI education and skills training.

  • digital learning resources including a document, video tutorial, quiz checklist, pie chart, and AI cloud icon

    Quizizz Rebrands as Wayground, Announces New AI Features

    Learning platform Quizizz has become Wayground, in a rebranding meant to reflect "the platform's evolution from a quiz tool into a more versatile supplemental learning platform that's supported by AI," according to a news announcement.

  • abstract pattern of cybersecurity, ai and cloud imagery

    Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A recent report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.