Cyber attacks on universities rise 63% around the world
Cyber attacks on education institutions rose 63% globally over the past year, according to Quorum Cyber, which recorded 425 incidents across 67 countries in the latest 12-month period.
The figures come from Quorum Cyber's Global Cyber Risk Outlook for Higher Education, which tracked attacks between November 2024 and October 2025 and compared them with the previous 12 months. Incidents rose from 260 to 425, with increases in data breaches, hacktivist activity and ransomware.
Data breaches increased 73% and hacktivist activity rose 75%. Ransomware incidents were up 21%, indicating a threat mix that extends beyond financially motivated attacks to politically driven disruption and state-backed operations.
Threat Mix
Universities involved in advanced research are attracting sustained attention from nation-state actors, the report found. It identified Chinese-linked activity as a significant threat in fields including artificial intelligence, quantum computing and advanced materials.
Iranian actors were also described as expanding their methods beyond espionage to include credential theft, ransomware and distributed denial-of-service attacks. Phishing and social engineering remain common routes into education networks.
Hacktivist activity has also become more prominent. Universities have faced DDoS attacks, website defacements and data leaks linked to perceived positions on international conflicts, reflecting how geopolitical tensions are shaping cyber targeting.
Organised cybercrime remains a constant pressure on the sector. Ransomware groups continue to exploit decentralised IT estates and the predictable rhythm of academic calendars, when institutions may be more vulnerable to operational disruption.
Among the ransomware groups cited, FunkSec accounted for 23% of observed ransomware activity in the dataset. Cl0p, another group highlighted in the findings, has issued average ransom demands of more than USD 11 million.
Access Routes
Phishing was responsible for 34% of ransomware incidents, the report found. Credential harvesting and infostealers were also common, which the analysis linked to high user turnover among students and staff.
That risk is compounded by wider structural pressures. Global vulnerability disclosures exceeded 35,000 in 2025, a 21% rise year on year, making patching and prioritisation more difficult for institutions with limited resources and complex systems.
Open research settings, hybrid learning models and legacy technology were all identified as factors that broaden the attack surface. In higher education, where collaboration and access are central to teaching and research, security controls can be harder to apply than in more closed environments.
UK Shift
In the UK, the data pointed to a change in the nature of attacks rather than a sharp rise in ransomware volume. Ransomware activity remained broadly steady, but DDoS incidents increased fivefold.
The sector's share of total observed attacks also rose from 2.5% to 5.15%, suggesting education accounts for a larger share of cyber activity relative to other industries. That aligns with findings from the UK government's Cyber Security Breaches Survey 2025, which found that 91% of higher education institutions had experienced a breach or attack in the previous 12 months.
The same survey found that 30% of those institutions experienced attacks at least weekly. It also reported that education bodies were more likely than businesses overall to face impersonation attacks, malware and DDoS incidents.
Jack Alexander, senior threat intelligence analyst at Quorum Cyber, outlined the range of pressures facing the sector.
"The education sector is now dealing with a convergence of threats: nation-state actors seeking strategic advantage, hacktivists responding to geopolitical events and cybercriminal groups pursuing financial gain," he said.
He said the pattern of attacks showed a more deliberate approach by adversaries.
"What stands out in this data is how targeted and coordinated these attacks have become. In many cases, adversaries are exploiting known vulnerabilities, exposed credentials or predictable operational patterns. Universities and schools need to understand which vulnerabilities are actively being exploited, where their credentials may be exposed and how attackers are operating across the sector. The earlier these signals are identified, the greater the opportunity to disrupt attacks before they escalate into major incidents."
Ambrose Neville, head of information security at Queen Mary University of London, said the pressure on universities reflects both the sensitivity of their data and the breadth of their technology estates.
"Universities are increasingly targeted both for the data they hold and the very diverse mixture of workloads and technologies. We've observed attacks designed to interrupt teaching, research and day-to-day operations," he said.
He added: "The challenge for the sector is that openness and collaboration are fundamental to how higher education institutions operate. This makes it more difficult to simply lock systems away in the way that some other industries may be able to. As a result, we prioritise security resilience. It's critical to know where you're exposed, spot threats early and respond quickly before incidents escalate."