KnowBe4 Releases Report on Education Sector’s Preparedness for Cyberattacks

  • By Matt Jones
  • 03/19/25

Cybersecurity platform KnowBe4 recently released a new research report titled “From Primary Schools to Universities, The Global Education Sector is Unprepared for Escalating Cyber Attacks,” according to a news release. Multiple reports indicate that in 2024, the education sector was the most heavily targeted for cyberattacks, as many institutions don’t have adequate resources for comprehensive cybersecurity programs.

According to the report, both K–12 and higher-education institutions use third-party vendors for services like cloud storage, IT services, and software-as-a-service. Vulnerabilities in these third-party systems could affect all clients and institutions using these services.

The report also found that many schools and colleges mix modern and legacy IT systems to compensate for limited resources and the demand for modernization. This mix can provide attackers searching for an open door with access to either outdated or easily exploitable systems containing sensitive personal data.

Verizon’s 2024 Data Breach Investigation Report (DBIR) found a total of 30,458 security incidents for the year, including 10,626 confirmed data breaches, the news release reports. Among these, 1,780 incidents (17%) were against educational institutions, and 1,537 (14%) included confirmed data breaches.

Finally, according to the report, Trustwave research documented 352 ransomware claims against educational institutions in 2023.

“Today’s classroom environment is becoming ever more digital, increasing the attack surface of educational institutions and creating an unprecedented level of cyber risk,” said KnowBe4 CEO Stu Sjouwerman. “Educational institutions have inadvertently become prime targets for sophisticated threat actors due to an overall lack of resources. The most concrete, effective step that an educational institution can take to secure vital and sensitive data is to ensure that all individuals who access IT systems are equipped with the proper tools, education and awareness to protect against cyber threats and reduce human risk.” 

Finally, the report indicated the significance of employee awareness training in mitigating security risks. Employee susceptibility to phishing attacks plunged from 33.4% to 3.9% in small educational institutions following a year of sustained training and simulated phishing attacks, the news release reports.

About the Author

Matt Jones is senior editor of Spaces4Learning. He can be reached at [email protected].

Featured

  • New Kent State Academic Building Earns LEED Silver Certification

    Kent State University in Kent, Ohio, recently announced that its newest academic building, Crawford Hall, has earned a LEED Silver certification from the U.S. Green Building Council, according to a news release. The facility was recognized for its innovative design, water conservation technologies, energy-efficient systems, and sustainable construction materials, among other features.

  • California Boarding School Opens New Inquiry Collaborative Facility

    Cate School, a boarding school in Carpinteria, Calif., for students grades 9–12, recently announced that it has finished renovating a historic dining hall into a new academic hub, according to a news release. The school partnered with Blackbird Architects and Tangram Interiors on the two-story, 16,000-square-foot Inquiry Collaborative.

  • KI Launches K–12 Classroom Furniture Giveaway

    Contract furniture company KI recently announced the launch of its fourth-annual Classroom Furniture Giveaway, which awards $50,000 each to four K–12 educators across the U.S., according to a news release. The goal is to address decreasing student engagement and increasing teacher burnout numbers by updating learning spaces to accommodate modern needs.

  • Three U.S. Universities Install Acre Security Access Control Platform

    Cloud-native physical and digital security solutions company Acre Security recently announced that it has deployed its access control platform at three major universities in the U.S., according to a news release. Acre partnered with Atrium Campus to provide coverage for more than 69,000 students at the University of Virginia (UVA), George Mason University, and Rockhurst University.