UK universities have been consigned to “Dunce’s Corner” after it was revealed that half of all institutions reported a data breach to the Information Commissioner’s Office last year, with many cutting back on data security training.
So says a new report from security firm Redscan, compiled from Freedom of Information responses from 134 universities, which showed that 86 had reported an incident. Of those that did respond, almost half employ staff that have received no cybersecurity training.
On average, universities spend less than £7,800 a year on security training; however, these figures are slightly skewed by the fact that one unnamed institution spent nearly £50,000 last year. Others spend nothing at all, with one top Russell Group university admitting it had trained only 12% of its staff.
Meanwhile, UK universities employ an average of three qualified cybersecurity professionals, and almost a quarter of institutions have not hired a third party to conduct a penetration test. However, half of universities are proactive in their approach, providing security training and information to students.
Redscan chief technology officer Mark Nicholls said the lack of training and testing is a major concern: “These are foundational elements of every security programme and key to helping prevent data breaches.
“Even at this time of intense budgetary pressure, institutions need to ensure that their cyber security teams receive the support they need to defend against sophisticated adversaries. Breaches have the potential to seriously impact organisations’ reputation and funding.
“The threat posed to universities by nation state attackers makes the need for improvements even more critical. The cost of failing to protect scientific research is immeasurable.”
However, as six UK universities have found out to their cost following the Blackbaud data breach, cloud computing providers can also be a threat.