A new survey finds that 56% of K-12 schools and 65% of colleges and universities worldwide have been the victims of a ransomware attack in the past year, a sharp increase from the 44% of respondent in both sectors that reported attacks the prior year.

The State of Ransomware in Education 2022, commissioned by the security software and hardware company Sophos, was conducted by the independent research agency Vanson Bourne which surveyed 5,6000 IT professionals in 31 countries.

Cyberthieves are more successful at encrypting the data of K-12 education institutions (72%) and higher education institutions (76%) than they are against other sectors, where the average global encryption rate is 65%.  These findings suggest that the education sector lacks the layered defenses needed to prevent encryption if an adversary does succeed in penetrating the organization, the report said.

The survey found that 94% of lower education and 97% of higher education respondents hit by ransomware said the attack impacted their ability to operate, while 92% (lower) and 96% (higher) said the attack caused their organization to lose business/revenue.

Most educational institutions that are victims of cyberattacks do get most of their data back, either through backups, by paying ransom or some other means. The survey found that 45% of lower education institutions and 50% of higher education reported that they paid the ransom to restore data, compared with the global average of 46%.

Higher education reported the slowest recovery across all sectors with 9% of respondents reporting a recovery period of three to six months, more than double the global average of 4%. Overall, 40% in higher education said it took over a month to recover compared to the global average of 20%.