With students around the country having returned to school, either in-person or virtually, the risk of a cyber-attack on educational institutions is heightened.
Schools have often fallen victim to cybercriminals. In 2019, educational entities – including K-12 schools and higher education institutions – accounted for three in five of recorded ransomware attacks. This underscores their vulnerability and the need for them to consistently monitor their systems and have robust incident response plans in place if they are targeted by criminals. And the stakes are even higher this year.
As the pandemic continues, many schools are operating partly or wholly online. That can help reduce the spread of COVID-19, but adds new threats. Cyber-attacks can lead to system shutdowns that freeze the online learning environment, leading to an interruption in classes and other services that could result in a loss of income.
This risk is particularly acute for tuition-based schools, some of which are already struggling to remain financially solvent. Interruptions — especially lengthy ones — can lead students to question whether they should continue to pay tuition. Adverse events on campus, including network interruptions or data breaches following an attack, can also cause widespread reputational damage.
The pandemic has forced organizations to pivot toward flexible thinking and creative planning. As schools, colleges, and universities continue navigating a shift to online learning — or prepare for such a move if COVID-19 cases in their communities surge — putting systems in place to minimize the risks of a cyber-attack is crucial.
Schools, colleges, and universities should ensure they are well equipped to quickly identify and respond to an attack, allowing them to return to normal operations with minimal disruptions, through the following actions:
As educational institutions increasingly rely on a virtual environment, the risk of cyber incidents has never been greater. Work with your broker to understand your cyber risk exposure and build insurance and risk mitigation programs that can help manage the effects of a cyber-attack and quickly return to normal operations.