More than half of universities in the UK reported a data breach to the Information Commissioner’s Office (ICO) in the last 12 months, following ‘endless’ attacks by cyber criminals and nation-state actors.
Information obtained by Redscan under a Freedom of Information request, and published in its latest State of Cyber Security report, has revealed that of the 86 universities surveyed, 54% had reported a data breach to the ICO since July 2019.
The report also found that 46% of all staff working at the universities polled received no cyber security awareness training, and that 12% of universities do not offer any kind of security guidance, support or training to their students.
“Redscan’s report underscores the degree to which universities are an attractive target,” says Mark Nicholls, CTO at Redscan. “Universities are targeted by criminals seeking financial gain, as well as by nation state attackers looking to steal intellectual property. In respect to the latter, the report raises concerns that many universities may not be doing enough to defend themselves against the latest cyber threats, particularly at a time when institutions are embracing remote teaching en masse and conducting world-changing research in relation to COVID-19.”
Nicholls adds: “The fact that such a large number of universities don’t deliver cyber security training to staff and students is concerning. These are foundational elements of every organisation’s IT security program.”