07 August 2020
UK universities are not acting quickly enough to educate about cyber threats, with 46% of staff receiving no training and 12% of universities not offering any kind of security guidance to staff and students.
A recent report from security firm Redscan found that 54% of UK universities reported a data breach to the Information Commissioner’s Office in the last year. However, a majority of universities are still found lacking when it comes to imparting cyber security training to staff and students, expenditure on security, carrying out pen testing, or hiring cyber security professionals.
Information obtained by the security firm from 134 universities in the UK via a Freedom of Information request revealed that even though universities are the target of millions of phishing emails every year, the average university is spending just £7,529 per year on security training and is hiring only three qualified cyber security professionals.
Universities often suffer data breaches due to errors committed by employees when storing or handling the personal data of staff and students. Such data leaks or breaches can be avoided if staff are provided adequate cyber security training and are educated about various online threats.
However, Redscan found that only 66 out of 134 UK universities have Cyber Essentials or Cyber Essential Plus certification, 49% are not proactive in providing security training and information to students, 12% of universities do not offer any kind of security guidance, support or training at all to students, and 46% of all university staff in the UK received no security training in the last year.
“UK universities are among the most well-respected learning and research centres globally, yet our analysis highlights inconsistencies in the approach institutions are taking to protect their staff, students and intellectual property against the latest cyber threats,” said Mark Nicholls, CTO of Redscan. “The fact that such a large number of universities don’t deliver cyber security training to staff and students, nor commission independent penetration testing, is concerning. These are foundational elements of every security programme and key to helping prevent data breaches.”
Nicholls added that “even at this time of intense budgetary pressure”, institutions need to ensure that their cyber security teams receive the support they need to defend against “sophisticated adversaries”.