IT Leaders Are Optimistic About Cybersecurity

Education Institutions Are Prepared to Respond to a Cyberattack

For an organization to be cyber resilient, preparedness for an attack is vital. Educational institutions increasingly are thinking about cyberthreats as inevitabilities rather than possibilities, which means considering the eventual effects of an attack on a school, district or campus.

“Cyber risk is a business risk,” says Buck Bell, head of CDW’s Global Security Strategy Office. “When you think about resilience, that’s a key input into the overall continuity of the business, not just the ability of the technical environment to withstand attacks.”

Across the education sector, 43 percent of respondents indicated that they have not experienced a data breach in the past five years. Of those who have, 22 percent said the attacks cost them between $1 million and $5 million. Sixty-one percent of respondents say they are either very or somewhat prepared to respond to a cybersecurity incident and minimize the resulting downtime, while 28 percent are very or somewhat unprepared.

“When you’re talking about the implications of a cyberattack, some of the obvious implications of that are related to data exfiltration and financial risk, the reputational risk and compliance impacts that will follow that,” Bell says. “Operational downtime is a huge risk that in some ways outstrips even those other risks.”

Cyber insurance plays a role in helping educational institutions prepare for and recover from cyber incidents. Forty-seven percent of education respondents said their cyber insurance policy significantly influences their cybersecurity strategy, while 21 percent of respondents do not have a policy. These plans offer many benefits to organizations of all kinds, but particularly in the education sector where cyberattacks are more prevalent.

“Many cyber insurers have begun to develop partnerships with security vendors that they can bring in as experts to help folks have a really well-prepared incident response plan,” Bell says.

Visibility is also a factor in cyber resilience. In the survey, 78 percent of education respondents said they are either somewhat or very confident that they have sufficient visibility into their cybersecurity landscape. Education respondents named cloud security posture management and identity and access management as the most effective tools for improving visibility into an environment, with 74 percent of respondents citing both approaches as somewhat or very effective.

Bell says administrators can monitor users’ access and behaviors to identify potential risks — insights they might not have without comprehensive IAM solutions in place.

KEEP READING: Do you know the top three reasons to modernize your IAM program?

Staffing Issues Permeate the Cybersecurity Field

Across industries, staffing and training were major concerns for IT and security professionals.

In education, 38 percent of respondents said sufficient understanding of staffing needs is missing from their organizations’ approach to cybersecurity — the most common response on the list. Only 10 percent of respondents considered themselves fully staffed, while 13 percent are severely understaffed, and 40 percent are understaffed but say it could be worse.

Outsourcing can be an effective way to address staffing concerns, but according to the survey, 38 percent of education respondents do not outsource anything related to IT security.