In 2018, SecurityScorecard analyzed 2393 companies with a footprint of 100 IP addresses or more in the education industry. We found the following:
- The education industry performed last in terms of cybersecurity performance compared to all other major industries.
- The education industry performed poorly in patching cadence, application security, and network security.
- There are several regulatory requirements for cybersecurity performance to improve in the education industry.
The results show that although hackers have become increasingly deft at stealing school and student data, the education industry is no better prepared to deal with these malicious threats.
Request the report here. I just did a quick skim on it, and yes, the findings are grim. I wish there was more detailed analysis of the risks involving EdTech, and available statistics on breaches in the education sector, but the report can be used to argue for greater budgets for cybersecurity/infosecurity and training in keeping data secure.