Jun 11 2024

IT Leaders Are Optimistic About Cybersecurity

Preparedness, staffing and zero-trust implementation are among the top concerns for cybersecurity professionals in the education sector, according to new research conducted by CDW.

According to a new research report from CDW, K–12 technology and cybersecurity professionals believe they are well prepared to face cyber incidents.

CDW conducted the survey of more than 950 U.S. technology and security professionals across industries in March 2024. In education, respondents from both K–12 and higher education institutions added their insights.

“There is a really powerful message that comes out of the report as a whole that there’s a ton of commonality in terms of what organizations are facing,” says Stephanie Hagopian, vice president of security for CDW. “There is a huge amount of value in understanding that you are not alone as an institution going through the challenges that you’re going through.”

Click the banner below to access the full "2024 CDW Cybersecurity Report."


Education Institutions Are Prepared to Respond to a Cyberattack

For an organization to be cyber resilient, preparedness for an attack is vital. Educational institutions increasingly are thinking about cyberthreats as inevitabilities rather than possibilities, which means considering the eventual effects of an attack on a school, district or campus.

“Cyber risk is a business risk,” says Buck Bell, head of CDW’s Global Security Strategy Office. “When you think about resilience, that’s a key input into the overall continuity of the business, not just the ability of the technical environment to withstand attacks.”

Across the education sector, 43 percent of respondents indicated that they have not experienced a data breach in the past five years. Of those who have, 22 percent said the attacks cost them between $1 million and $5 million. Sixty-one percent of respondents say they are either very or somewhat prepared to respond to a cybersecurity incident and minimize the resulting downtime, while 28 percent are very or somewhat unprepared.


The percentage of respondents who say they are either very or somewhat prepared to respond to a cybersecurity incident and minimize the resulting downtime

Source: CDW, 2024 CDW Cybersecurity Report, June 2024

“When you’re talking about the implications of a cyberattack, some of the obvious implications of that are related to data exfiltration and financial risk, the reputational risk and compliance impacts that will follow that,” Bell says. “Operational downtime is a huge risk that in some ways outstrips even those other risks.”

Cyber insurance plays a role in helping educational institutions prepare for and recover from cyber incidents. Forty-seven percent of education respondents said their cyber insurance policy significantly influences their cybersecurity strategy, while 21 percent of respondents do not have a policy. These plans offer many benefits to organizations of all kinds, but particularly in the education sector where cyberattacks are more prevalent.

“Many cyber insurers have begun to develop partnerships with security vendors that they can bring in as experts to help folks have a really well-prepared incident response plan,” Bell says.

Visibility is also a factor in cyber resilience. In the survey, 78 percent of education respondents said they are either somewhat or very confident that they have sufficient visibility into their cybersecurity landscape. Education respondents named cloud security posture management and identity and access management as the most effective tools for improving visibility into an environment, with 74 percent of respondents citing both approaches as somewhat or very effective.

Bell says administrators can monitor users’ access and behaviors to identify potential risks — insights they might not have without comprehensive IAM solutions in place.

KEEP READING: Do you know the top three reasons to modernize your IAM program?

Staffing Issues Permeate the Cybersecurity Field

Across industries, staffing and training were major concerns for IT and security professionals.

In education, 38 percent of respondents said sufficient understanding of staffing needs is missing from their organizations’ approach to cybersecurity — the most common response on the list. Only 10 percent of respondents considered themselves fully staffed, while 13 percent are severely understaffed, and 40 percent are understaffed but say it could be worse.

Outsourcing can be an effective way to address staffing concerns, but according to the survey, 38 percent of education respondents do not outsource anything related to IT security.

Matt Chinworth/Theispot

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.