Report: Ransomware Costs Schools Nearly $550,000 per Day of Downtime

New data from cybersecurity research firm Comparitech quantifies the damage caused by ransomware attacks on K-12 and higher education institutions.

Since 2018, the company has clocked nearly 500 separate ransomware attacks aimed at schools and universities in the United States, affecting the data of over 6.7 million individuals.

It found the average ransomware demand is $1.4 million, though the average ransomware payment is leagues smaller, less than $170,000. 

On average, each of these ransomware attacks caused nearly 11 days of downtime, with each missed day costing schools nearly $550,000.

All told, according to Comparitech's data, ransomware has cost the U.S. education system over $2.5 billion since 2018.

The ransomware landscape was particularly rough in 2023, which had a record-breaking 121 attacks. However, 2024 — at least, so far — has provided a slight reprieve. The rate of attacks this year has considerably slowed, and both the duration and cost of downtime have seen a noticeable decline.  

"Hackers often target schools in the latter part of the year, so it's possible we will see an uptick in ransomware attacks on educational institutions for 2024, but it's unlikely the figures will reach 2023's high," Comparitech said in a post detailing its findings.

However, the company warned that attackers seem to be more discerning, increasingly going for institutions with bigger budgets and larger troves of student data. With attacks becoming more sophisticated and targeted, Comparitech urged readiness.

"With the threat of ransomware attacks across the U.S. and worldwide remaining high across all industries, it's never been more important to ensure employees are clued up, systems are updated, and frequent backups are being carried out," the company said.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured

  • tool icons with variety of business icons

    SETDA Releases Free EdTech Quality Action Toolkit

    The State Educational Technology Directors Association (SETDA) has put together a free K-12 EdTech Quality Action Toolkit that provides a framework for evaluating education technology products as well as guidance on regulatory compliance, templates for communicating with vendors, training resources, and more.

  • cyber security padlock

    Report: AI Adoption Forces Trade-Off Between Speed and Identity Security

    AI adoption is forcing enterprises to trade security for speed — and identity controls are the first casualty, according to a new report from Delinea, a provider of identity security solutions for both human and AI agent identities.

  • Neon blue security locks with a single red highlight

    With AI, Cybersecurity Focus Shifts from Finding Flaws to Fixing Them

    For decades, one of cybersecurity's biggest challenges has been finding vulnerabilities before attackers do. A growing number of security professionals now say artificial intelligence is changing that equation, shifting the focus from discovering flaws to fixing them quickly enough to prevent exploitation.

  • abstract data flow

    Google Announces New Gemini Enterprise Agent Platform

    Google Cloud has introduced a new platform for building and managing enterprise AI agents, as the company seeks to turn its Gemini models and Vertex AI tooling into a broader system for automating business workflows.