Cyber-Attacks on Education Sector Surge 63% Yearly
▼ Summary
– Global attacks on schools and universities rose 63% year-over-year, from 260 incidents to 425, according to Quorum Cyber’s report.
– Data breaches increased 73%, hacktivist activity rose 75%, and ransomware attacks went up 21% across 67 countries.
– Threats include nation-state theft of research in AI and quantum computing, and hacktivist DDoS, defacement, and data leaks from Iranian actors.
– Top ransomware groups were FunkSec (23%), Cl0p (10%), INC (10%), and Nova (10%), with infostealer malware also a persistent threat.
– Recommended mitigations include intelligence-led vulnerability management, dark web monitoring, robust backups, incident response exercises, and social engineering policies.
Educational institutions worldwide are facing an unprecedented wave of cyber threats, with total recorded attacks soaring by 63% year over year, according to new data from security firm Quorum Cyber. The company’s 2026 Global Cyber Risk Outlook for Higher Education, compiled from FalconFeeds.io threat intelligence spanning November 2023 to October 2025, paints a stark picture of escalating risks.
The report documents a jump from 260 incidents in the November 2023-October 2024 period to 425 attacks in the following 12 months, affecting 67 countries. Data breaches rose 73%, hacktivist activity surged 75%, and ransomware attacks increased 21% during that timeframe.
Multiple threat vectors are converging on the sector. Quorum Cyber notes that universities are prime targets for nation-state actors seeking to steal high-value research, particularly in cutting-edge fields like artificial intelligence, quantum computing, and advanced materials. At the same time, hacktivist groups are ramping up DDoS attacks, website defacements, and data leaks, with Iranian threat actors becoming increasingly active.
Infostealer malware and financially motivated ransomware remain persistent dangers. The most prolific ransomware groups identified were FunkSec (23%), Cl0p (10%), INC (10%), and Nova (10%).
To counter these threats, Quorum Cyber recommends that educational institutions adopt a multi-layered defense strategy. Key measures include intelligence-led vulnerability management to prioritize patching, dark web monitoring for early detection of leaked credentials, and robust backup protocols (the 3-2-1 rule: three copies of critical data on two devices, with one stored offline). Regular incident response exercises and strong password management are also essential, alongside social engineering policies that encompass helpdesk hardening, user awareness training, phishing-resistant MFA, and enforced least privilege access.
Ambrose Neville, head of information security at Queen Mary University of London, highlighted the unique challenge facing higher education. “The attacks we see are designed to interrupt teaching, research, and day-to-day operations,” he said. “The challenge for the sector is that openness and collaboration is fundamental to how higher education institutions operate. This makes it more challenging to simply lock systems away, in the way that some other industries may be able to. As a result, we prioritize security resilience. It’s critical to know where you’re exposed, spot threats early and respond quickly before incidents escalate.”
(Source: Infosecurity Magazine)