Skip Navigation
  • Careers
  • Report a Claim
  • Contact Us
Risk Strategies Logo
  • Industries

    • Agriculture
    • Architects & Engineers
    • Aviation
    • Cannabis
    • Construction
    • Dental
    • Education
    • Entertainment
    • Financial Services
    • Fine Art
    • Healthcare
    • Law Firms
    • Marine & Yacht
    • Nonprofit & Human Services
    • Private Equity
    • Public Sector
    • Real Estate
    • Relocation
    • Transportation
    • Waste & Recycling
    • Wineries
  • Solutions

      • Captives
      • Casualty
      • Cyber
      • Environmental
      • International
      • Management Liability
      • Property
      • Surety
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
      • Financial & Wealth Overview
      • Life Insurance
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting

    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights

    • All Insights
    • Blog
    • Emergency Resource Centers
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company

    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
  • Join Us
    • Careers
    • Mergers & Acquisitions
  • Industries
    • Agriculture
    • Architects & Engineers
    • Aviation
      • Aviation Business Insurance - Manned Risk
      • Non-Owned Aviation
      • Unmanned Aerial System and Drones
    • Cannabis
    • Construction
      • Alternative Solutions
      • Financing & Pre-Construction
      • Insurance Solutions
      • Risk Management
      • Surety
    • Dental
      • Insurance for Dental Professionals
      • Dental Malpractice Insurance
      • BOP Insurance - Dental Practices & DSOs
      • Dental School Graduates
      • Dental Associates & Hygienists
      • Dental Practice Owners
      • Dental Service Organizations (DSOs)
    • Education
      • Employee Benefits for Education
      • Property, Casualty & Liability for Education
      • Student Health & Wellness
        • Student Health Brokerage and Consulting
        • Student Health Plan Administration
        • Student Health Insurance Plans
        • Solutions for Student Athletes
        • Student Health & Wellness Tools
        • Special Risk Insurance
    • Entertainment
      • Film & Television
      • Advertising Production Wrap Ups
      • Advertising/PR
      • Event Cancellation & Non-Appearance
      • Music & Touring
      • Theatrical Production & Live Performance 
      • Venue Insurance
    • Financial Services
      • Asset Managers
      • Banks & Non-Bank Lending
      • Collections
      • Consumer Financial Services
      • Financial Tech
      • Insurance Companies
    • Fine Art
      • Artists
      • Artist Endowed Foundations
      • Auction Houses
      • Fine Art Packers / Shippers / Warehouses
      • Galleries
      • Museums
      • Private Art Dealers / Advisors
      • Private Collectors
    • Healthcare
      • Employee Benefits - Healthcare
      • Managed Care / Stop Loss
      • Medical Malpractice
      • Property & Casualty - Healthcare
      • Reinsurance
    • Law Firms
    • Marine & Yacht
      • Boat & Yacht For Individuals
      • Commercial & Recreational Marine Businesses
        • Marine Businesses
        • Sailing Organizations - Burgee Program
      • Jackline Insurance Solutions for Cruisers
      • Mega Yachts
      • One-Design Insurance Program
      • Crew Medical Insurance
      • Sailors Health Insurance Program
      • US Sailing Insurance Solutions
    • Nonprofit & Human Services
    • Private Equity
      • Crypto Companies
    • Public Sector
      • Public Safety Organizations & Municipalities
    • Real Estate
      • Commercial
      • Community Associations
      • Hospitality
      • Residential / Habitational
      • REITs
      • Retail
      • Specialty Programs
    • Relocation
      • Domestic Household Goods
      • Expat Renters & Living Insurance
      • Relocation Claims Service
      • International Household Goods
      • Supplemental Movers Coverage
      • Temporary Living Insurance
      • Vacant Home
    • Transportation
      • Business Auto Insurance
      • Last Mile Delivery
      • While Under Dispatch Insurance
      • Forwarding & Brokering
      • Workers' Compensation
    • Waste & Recycling
    • Wineries
  • Solutions
    • Commercial Insurance
      • Captives
      • Casualty
        • Analytics
        • Auto Liability & Physical Damage
        • Captives & Alternative Risk Financing
        • Claims Advocacy & Loss Control
        • Excess Liability
        • General Liability
        • Product Recall
        • Workers' Compensation
      • Cyber
        • Cyber Resolute
        • Cyber Risk Assessment and Analytics
        • Cyber Risk Response & Claims Advocacy
        • Cyber Insurance - Family Office
        • Cyber Insurance - Individuals
      • Environmental
        • Contractors Pollution Liability
        • Environmental Excess
        • Environmental Liability Transfer
        • Environmental Liability - Healthcare
        • Environmental Liability - Higher Education
        • Pollution Legal Liability
        • Environmental Liability - Private Equity
        • Professional Environmental Liability Insurance
        • Real Estate Development
        • Remediation Cost Cap
        • Secured Creditor Protection for Lenders
        • Underground Storage Tanks
      • International
      • Management Liability
        • Management Liability - Entertainment
        • Management Liability - Financial Institutions
        • Management Liability - Healthcare
        • Management Liability - Real Estate
      • Property
        • Builder's Risk
        • Property Claims Services
        • Inland Transit and Ocean Cargo
        • Natural Hazard Catastrophe Modeling
        • Political Violence and Terrorism
        • Property Damage & Business Interruptions Valuations
        • Property Loss Prevention and Control
      • Surety
    • Employee Benefits
      • Employee Benefits Overview
      • Benefit Administration and Technology
      • Benefits Compliance Support
      • Data & Analytics
      • Human Capital Advisory Services
      • International Benefits
      • Absence Management & Ancillary Programs
      • Voluntary & Lifestyle Benefits
      • Medicare
    • Financial & Wealth
      • Financial & Wealth Overview
      • Life Insurance
    • Private Client Services
      • Private Client Services Overview
      • Homeowners
      • Flood
      • Collections
      • Umbrella & Excess Liability
      • Auto
      • Collector & Exotic Car
      • Boat & Yacht
      • Travel Medical & Trip Insurance
      • Family Office
      • Cyber Insurance - Family Office
      • Cyber Insurance - Individuals
      • Specialty Coverages
      • Private Client Risk Resource Center
    • Reinsurance
    • Risk Management Services
      • Risk Management Services Overview
      • Analytics
      • Claims Management & Advocacy
      • Loss Control
      • Safety Consulting Services
      • Pro Safety Training Courses
      • Workers’ Comp: Premium Review & Recovery
  • Consulting
    • Consulting Overview
    • Actuarial Services
    • Healthcare Claim Audit Services
    • Health and Welfare
    • Mergers and Acquisitions
    • Pharmacy Consulting
    • Retirement Benefits
  • News and Insights
    • All Insights
    • Blog
    • Emergency Resource Centers
      • Cybersecurity
      • Earthquake
      • Hurricane
      • Pandemic
      • Riot & Civil Unrest
      • Severe Storms
      • Violence & Active Shooter
      • Wildfire
      • Winter Weather
    • Employee Benefits Compliance Center
    • Events
    • Media Coverage
    • State of the Market Reports
    • Press Releases
    • Private Client Resources
    • Webinars
  • Company
    • About Us
    • Annual Report
    • Careers
    • Culture and Values
    • Diversity, Equity & Inclusion
      • BeHEARD Series
      • DE&I Structure
      • Employee Resource Groups
    • Environmental, Social, & Governance
    • General Terms of Business
    • Leaders
    • Local Expertise
    • Mergers & Acquisitions
    • Recognition & Awards
    • Risk Strategies Foundation
    • Transparency and Disclosures
      • General Terms of Business
      • Conflict of Interest Policy
      • Compensation Disclosure
      • Enterprise Risk Management
  • Join Us
    • Careers
      • Benefits & Wellness
      • Investing in Growth & Leadership
      • Life at Risk Strategies
      • Next Steps
    • Mergers & Acquisitions
      • Partnership Benefits
      • Why Join Us?
      • Onboarding & Integration
  • Careers
  • Report a Claim
  • Contact Us

You are about to leave Risk Strategies website and view the content of an external website.

You are leaving risk-strategies.com

By accessing this link, you will be leaving Risk Strategies website and entering a website hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of Risk Strategies website. We encourage you to read and evaluate the privacy and security policies of the site you are entering, which may be different than those of Risk Strategies.

OK
  • News and Insights
  • Blog
Subscribe

Subscribe via Email

  • News and Insights
  • Blog
September 30, 2024

Combating Surging Ransomware Attacks: Strategies for Universities and Colleges

Cyber Risk Management
6 min read
Allen Blount, National Cyber & Technology Product Leader, and Steve Bryant, Managing Director, Higher Education Risk Management Leader 
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email
Combat Surging Ransomware Attacks: Strategies for Universities & Colleges
  • Facebook
  • X (Twitter)
  • LinkedIn
  • Email

Universities and colleges are increasingly under siege by ransomware. In 2023 alone, ransomware attacks on higher education institutions surged by 70%, with 66% of universities falling victim to these cyber assaults.

These attacks can cripple academic and operational functions. The financial impact is equally alarming — higher education institutions reported an average recovery cost of $4.02 million in 2024, nearly four times higher than the previous year.

Running a university is like managing a small city — complex systems, thousands of users, and vast amounts of valuable data are constantly in motion. This makes universities prime targets for cybercriminals. The question is now when, not if, your university will be targeted by ransomware. Without robust cybersecurity measures, the outcomes could be devastating.

What is a ransomware attack?

Ransomware is a type of malware that locks an organization’s data, effectively holding it hostage until a ransom is paid. For universities, the consequences of such an attack can be severe. Not only can ransomware encrypt important research and operational data, but the disruption caused can lead to reputational damage, lost revenue, and operational paralysis.

Critical data at risk includes:

  • Personal information: Social security numbers, addresses, and records of students and faculty.
  • Financial data: Tuition payments, payroll information, and donor contributions.
  • Research and intellectual property: Irreplaceable proprietary research funded by academic grants and government projects.

The dilemma for universities is that even if they pay the ransom, there is no guarantee that attackers will return or secure the stolen data. Understanding why universities are so frequently targeted can help guide strategies for better protection.

Why are universities and colleges prime targets for ransomware?

Several factors make universities particularly attractive to cybercriminals. Each of these elements adds complexity to securing university networks and data:

  • Decentralized IT systems: Many universities allow departments to manage their own IT infrastructure. This decentralization results in multiple access points for attackers, making it difficult to enforce uniform security measures across the institution.
  • Constant influx of new users: Each academic year brings a flood of new students, faculty, and researchers who connect personal devices to the university network. These devices often lack adequate security protections, creating more vulnerabilities that are difficult to monitor and secure.
  • Third-party vendor dependencies: Universities rely heavily on third-party vendors for essential services like cloud storage and software management. Weaknesses in these vendor systems can lead to significant security breaches, as seen in the MOVEit attack, where a vulnerability in the file-sharing software allowed cybercriminals to steal sensitive data from numerous organizations, including educational institutions.
  • Physical security risks: Beyond digital systems, universities often use biometric access to manage secure areas. If compromised, these systems allow attackers physical access to critical areas, which could further disrupt operations or expose sensitive information.

With these vulnerabilities in mind, universities need a comprehensive strategy to protect against ransomware attacks.

How universities and colleges can reduce ransomware risk

Reducing ransomware risk requires a multi-layered defense strategy that blends technology, processes, and user awareness. Here's how universities can protect themselves:

  • Implement multi-factor authentication (MFA): Adding MFA across all systems ensures that even if a password is compromised, a second form of verification, like a text message or authentication app, is required. This simple yet effective step significantly reduces unauthorized access.
  • Centralize IT management: Centralizing IT management ensures consistent security policies across all departments, making monitoring and threat response more efficient.

While these technological measures form a strong defense, user behavior remains a significant factor in preventing ransomware attacks:

  • Educate and train users: Phishing is one of the most common ways ransomware enters a system. Regular training for students, faculty, and staff on how to identify phishing emails and suspicious behavior is essential. Simulations and ongoing awareness programs can further enhance preparedness.
  • Deploy advanced monitoring tools: Real-time monitoring tools like security operations centers (SOCs) and endpoint detection and response (EDR) systems can detect unusual activity before it leads to an attack. AI-powered systems, in particular, can identify patterns and stop threats before they escalate.

Ensuring the security of third-party vendors and external partners who interact with the university is equally important. Implementing strategies for effective vendor management and external party security helps protect university data:

  • Secure third-party vendors: Universities often rely on third-party vendors for services. Regularly auditing their security practices and ensuring they meet high cybersecurity standards helps close off potential backdoors that attackers could exploit.
  • Enhance physical and remote access security: With the rise of remote learning and work, securing both physical and digital access points is more important than ever. Use virtual private networks (VPNs) to protect remote access, ensuring only approved devices connect to the university network. For physical locations, biometric access controls add an extra layer of security, reinforced with multi-factor authentication (MFA) and encryption. This layered approach helps mitigate vulnerabilities and enhances overall protection.

Securing access points is one layer of protection, but a more comprehensive approach blends strong technological defenses with strategies to overcome various challenges. These can include obstacles that impact the overall success of a security strategy.

Overcoming budgetary and organizational challenges:

Budget constraints and organizational resistance are two major obstacles to improving cybersecurity in universities. However, addressing these challenges is key to reducing risk. When budgets are tight, investing in cybersecurity often competes with other priorities, yet the cost of recovering from a ransomware attack can far exceed the investment needed for prevention. Effective steps include:

  • Prioritize cybersecurity in budget discussions: Ensuring cybersecurity is a regular part of budget allocation helps prevent future financial losses.
  • Leverage external resources: Government programs, such as those offered by the Cybersecurity and Infrastructure Security Agency (CISA), provide tools and assistance that can supplement internal budgets.

Organizational resistance, especially from long-tenured faculty, can be a barrier to adopting security protocols like MFA. Educating faculty and staff on the risks ransomware poses to both personal and institutional data can help gain their support. Additional steps to consider:

  • Foster a culture of shared responsibility: By promoting security as everyone’s responsibility, universities can encourage buy-in across departments.
  • Involve faculty in decision-making: Engaging faculty in discussions about cybersecurity measures can improve adoption and ease implementation.

By addressing these challenges, universities can create a stronger, more resilient security culture that helps protect against ransomware attacks.

Expanding cybersecurity into broader institutional strength

Defending against ransomware requires a cybersecurity strategy that combines technology, education, and culture. As universities evolve, everyone—from students to faculty and staff—has a part in securing institutional data and systems. A holistic, proactive approach strengthens long-term protection for both data and reputation.

Want to learn more?

  • Reach out to the Risk Strategies Cyber Risk Team at cyber@risk-strategies.com.
  • Get in touch with the Risk Strategies Education Team at highereducation@risk-strategies.com.

The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client. 

Related Posts

See all posts

Transportation Cyber
4 min read
May 14, 2025

How Cybercrime is Hijacking the Supply Chain: Cargo Theft, Fraud, and Insurance Gaps

Cyber risk is no longer just the IT department's problem in today's fast-moving transportation …
Read article
Cyber Risk
5 min read
April 02, 2025

The Future of Risk: Cyber Threats Affecting Businesses in 2025

Editor’s note: The way businesses approach risk is undergoing a fundamental shift. This article is …
Read article
Cyber
5 min read
March 26, 2025

Understanding the 23andMe Data Breach and Ensuring Cybersecurity

- UPDATE - From breach to bankruptcy: 23andMe’s data fallout continues Little more than 18 months …
Read article
Risk Strategies Logo
  • Report a Claim
  • Contact
  • Terms of Use
  • Cookie Policy
  • Privacy Policy
  • Consumer Health Data Privacy Notice
  • Accessibility
  • Health Plan Transparency Compliance
  • Accessibility
  • Cookie Policy
  • Health Plan Transparency Disclosure
  • Privacy Policy
  • Terms of Use
©2025 Risk Strategies. All rights reserved.

Connect with Us

  • LinkedIn
  • X
  • Instagram
  • Facebook