Dive Brief:
- Ransomware attacks against K-12 and higher education institutions around the world, which breached over 6.7 million personal records, are estimated to have cost over $53 billion in downtime between 2018 and mid-September 2023, according to research on 561 attacks released Thursday by Comparitech, a cybersecurity and online privacy product review website.
- A majority of the analyzed attacks occurred in the U.S., with 386 recorded incidents costing a total of $35.1 billion due to systems being down. K-12 schools accounted for most of the breaches worldwide, but colleges and universities have been more frequently targeted in recent years, the Comparitech report noted.
- Overall, 2023 is on track to be a record-breaking year for ransomware attacks against education institutions, according to Comparitech. Within the first half of 2023, the group found 85 global ransomware attacks, while just 45 incidents were recorded in the same period of the previous year.
Dive Insight:
Overall, there have been 102 education-related ransomware attacks in 2023 as of mid-September, compared to 116 in 2022, 107 in 2021, 116 in 2020, 104 in 2019 and 16 in 2018.
The average amount of downtime caused by ransomware disruptions has also lengthened, from 7.9 days in 2022 to 11.6 days in 2023, Comparitech found.
Though more K-12 schools have fallen victim to ransomware attacks than colleges between 2018 and 2023 — 319 versus 240 — the number of colleges targeted has been on a steady ascent. Colleges outpaced K-12 schools in 2022, with 61 ransomware attacks compared to 54, and that trend has continued into 2023 with 52 college-based ransomware incidents so far versus 50 in elementary and secondary schools.
Whether or not schools and colleges pay a ransom to hackers to reclaim any stolen data, the Comparitech report said, the financial damage is already done and is often the main goal of cybercriminals. The average cost of downtime across 20 different industries is $8,662 per minute, according to a 2017 report published in the trade journal For The Record.
“Schools can ill-afford for systems to go down as this often means lessons are disrupted or even canceled as a result,” the Comparitech report said. “As our findings suggest, downtime can extend for weeks and the effects felt for months after.”
Hackers have already kicked off the new school year by launching ransomware attacks against school districts — as seen in Maryland’s Prince George’s County Public Schools and Pennsylvania’s Chambersburg Area School District.
Besides the monetary consequences, sensitive student and staff data is at risk of being leaked following these high-profile cyberattacks. Prince George’s County, for instance, warned the school community that 4,500 district users’ data “may be released online” following an August ransomware attack.