Over Half of Universities Suffered Data Breach in Past Year

Over half (54%) of UK universities reported a data breach to the regulator in the past 12 months, with an average of two reports each, according to new Freedom of Information (FOI) data collected by Redscan.

The security firm received back answers from 86 of the 134 higher education institutions it contacted, to compile the new report: The state of cyber security across UK universities.

It revealed that although the country’s universities host over 2.3 million students and 430,000 staff and contribute an estimated £87bn of value to the national economy, cybersecurity remains neglected by many.

Nearly half (46%) claimed that staff had received no security training in the past year, while just 51% said they proactively provide training and information to students. Some 12% don’t offer any kind of guidance or support to students when it comes to cybersecurity best practices.

Those that do go in for training spend on average just £7529 per year, according to the report.

What’s more, over a quarter (27%) of institutions said they never commission external pen tests.

These deficiencies are exposing UK universities to third-party attack and the consequences of staff negligence, leading to accidental insider breaches.

Recent events have shown how vulnerable they are to cyber-attack: a breach at US cloud provider Blackbaud has compromised data at over 20 charities and universities in the UK and North America.

Redscan CTO, Mark Nicholls, argued that these organizations represent an attractive and lucrative target for financially motivated and even state-sponsored attackers.

“Work to develop a COVID-19 vaccine is just one in a long line of world-changing research projects currently being undertaken by our universities. However, it is one example that should really focus minds on the need to secure important research and IP against the latest cyber-threats, including state-sponsored attacks,” he told Infosecurity

“Aside from negatively impacting an institution’s reputation and funding, data breaches leading to the loss of vital scientific research have the potential to seriously hamper innovation and affect lives.”

What’s Hot on Infosecurity Magazine?