Most educational institutions lack resources for robust and comprehensive cybersecurity programs
TAMPA, Fla., March 17, 2025 -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced a new report, "From Primary Schools to Universities, The Global Education Sector is Unprepared for Escalating Cyber Attacks".
Employee susceptibility to phishing attacks dropped from 33.4% to 3.9%...after one year or more of sustained training
The education sector was the most targeted industry for cyberattacks in 2024, according to several reports, including one from Check Point Research. The sector has also seen a stark increase in cyberattacks.
Key findings from the report include:
- Both primary and higher education institutions heavily rely on third-party vendors for software-as-a-service, cloud storage, and IT services. This creates a risk, as vulnerabilities or breaches within third-party systems could later affect all institutions using these services, which often goes on undetected.
- An attacker's search for an open door is helped by the fact that with limited resources, and increasing demands for modernization, schools and universities often mix modern and legacy IT systems, which can leave highly sensitive personal information on outdated and exploitable systems.
- In its 2024 Data Breach Investigation Report (DBIR), Verizon examined 30,458 security incidents in total, of which 10,626 were confirmed data breaches. Of these, 1,780 incidents (17%) were attacks against the education system,1,537 (14%) with confirmed data disclosure; a figure that put education in the top five of all industries breached globally.
- In 2023, Trustwave researchers monitored 352 ransomware claims against educational institutions. Phishing stood out in the Trustwave study as the most commonly exploited method for gaining an initial foothold in an organization.
The report demonstrates the significant impact of security awareness training on reducing human risk in educational institutions. Employee susceptibility to phishing attacks dropped dramatically from 33.4% to 3.9% in small educational institutions after one year or more of sustained training and simulated phishing evaluations.
"Today's classroom environment is becoming ever more digital, increasing the attack surface of educational institutions and creating an unprecedented level of cyber risk," said Stu Sjouwerman, CEO, KnowBe4. "Educational institutions have inadvertently become prime targets for sophisticated threat actors due to an overall lack of resources. The most concrete, effective step that an educational institution can take to secure vital and sensitive data is to ensure that all individuals who access IT systems are equipped with the proper tools, education and awareness to protect against cyber threats and reduce human risk."
To download the report, visit here.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.
This News is brought to you by Qube Mark, your trusted source for the latest updates and insights in marketing technology. Stay tuned for more groundbreaking innovations in the world of technology.
