Schools and cyberattacks: key stats that school boards need to know

Jill Holtz

Are you managing your school’s cyber risk? Do you know the true costs of cyberattacks to your school if it happens? 

We have put together some statistics and figures about cyber risk, ransomware, and attacks on schools in our latest infographic.  

The impact of cyberattacks on the services, funds or confidential information of schools cannot be underestimated. Such attacks have the potential to cause severe financial and reputational damage, and they may also jeopardize the personal data of staff and students. 

With the increased adoption of technology by schools, the potential for cyberattacks has also increased.   

key cyber risk stats that school boards need to know 

Download our infographic in shareable formats pdf, jpg and ppt here

The number of ransomware attacks is rising 

Ransomware attacks are on the increase with huge impacts. In 2021, 56% of K-12 schools and 64% of higher education organizations reported being hit by ransomware. And the number of school districts hit by ransomware almost doubled in 2022 compared to 2021. 

One of the most prominent recent attacks was on Los Angeles Unified School District, the second largest district in the U.S., in September 2022. This attack affected 500,000 students from 1,300 schools.  

The costs of ransomware attacks are huge 

On top of the rising numbers of attacks, the cost of ransomware attacks is also huge. It has been estimated that the cost of 67 ransomware attacks across 1,000 schools was a staggering $3.5Bn in 2021.  

The cost of paying a ransom has also increased sharply. In 2021, an average cost was $375,311, by 2022 it had risen to $887,360. 

As the National Fraud Intelligence Bureau (NFIB) Action Fraud points out, “Ransomware continues to be a successful cyberattack and although the extent of the harm is underreported by most victims, ransomware remains hugely profitable for individuals and group offenders and equally disruptive for victims.” 

Other impacts on school operations from cyberattacks 

The average loss of learning time for schools following a cyberattack is between three days and three weeks with the average recovery time for schools after a cyberattack taking between two and nine months. 

Other consequences are significant and costly, including:  

  • Having to close schools 
  • Disruption in learning and teaching 
  • Taxpayer funds being used to recover data  
  • Identity theft
  • Exposure of sensitive student data  

“Staying ahead of [cyber risk] really comes down to you as a board members knowing the right questions to ask.” – Brian Stafford, Diligent CEO 

Governance technology helps school boards establish a sound cybersecurity framework  

Governance technology helps boards protect sensitive student and school data, as well as prevent, mitigate, and respond to cybersecurity threats.  

Governance technology brings in a sound cybersecurity framework that provides:   

  • Controls to limit 3rd party access  
  • User-based permissions to protect sensitive information  
  • Robust data encryption to secure board communication 
  • The tools enable new board members to get up to speed quickly on cybersecurity policies  

Alongside using governance technology, school boards should:  

  1. Conduct regular security audits and training on cybersecurity
  2. Follow good practice in data management 
  3. Have an emergency preparedness plan 
  4. Have a clear vision of who-does-what after a breach 

See how Diligent Community can help strengthen your school board's cyber resilience. Request a demo today.