Dive Brief:
- Data suggests ransomware response and recovery has improved year over year in K-12 schools around the world, according to a new report from Sophos, a cybersecurity company.
- Median ransom payments fell from $6.6 million to $800,000 in lower education — institutions serving students 18 years and younger — between 2024 and 2025, Sophos found. The company surveyed 441 IT and cybersecurity leaders across 17 countries who have worked in education organizations targeted by ransomware in the past year.
- Schools also recovered faster from ransomware attacks, with 50% of lower education providers reporting they fully recovered within a week in 2025 compared to 30% in 2024.
Dive Insight:
Though schools’ average ransomware recovery costs decreased 39%, from $3.76 million to $2.28 million, within the last year, Sophos found that lower education providers still reported the highest recovery costs in comparison to other sectors in 2025.
Still, there is encouraging evidence that schools are bolstering their cybersecurity measures, as just 29% of ransomware attacks in lower education resulted in data being encrypted. Encryption is used to make a ransomware victim’s data and files accessible only to the threat actor. That figure marks the lowest data encryption rate reported across any industry, Sophos said.
On top of that, schools were increasingly able to stop ransomware attacks before their data could be encrypted — jumping from 14% to 67% in the past year. That encryption prevention rate is far higher than the 44% average across all business sectors, according to Sophos.
“This indicates that lower education providers are now more effective than ever at detecting and blocking ransomware attacks before they can do damage,” the Sophos report said.
Phishing was the leading cause for ransomware attacks in the lower education sector in 2025, according to Sophos. Other contributing factors to attacks included malicious emails, exploited vulnerabilities, and compromised credentials.
But time will tell if the momentum to combat ransomware — particularly in U.S. K-12 schools — can be sustained.
State ed tech leaders continue to view cybersecurity as one of several top priorities, according to a recent report from the State Educational Technology Directors Association. However, the number of state leaders who said their state provides “very little funding” for mitigating cybersecurity risk in education doubled from 17% to 35% between 2024 and 2025.
“These responses spotlight the need for states to continue investing in education technology Infrastructure — specifically cybersecurity and access investments — even as they allocate more resources to supporting AI,” the SETDA report said.
The SETDA report also stressed that as the federal role in ed tech wanes, it’s increasingly important for states to invest more in their own ed tech offices and technology initiatives.
Under the second Trump administration, district leaders have expressed concern over a shift away from federal support for K-12 cybersecurity and ed tech. Over 400 school district leaders sent a letter to Congress in July asking that federal leadership be restored in those two areas.
Some of the recent rollback for K-12 cybersecurity efforts at the federal level stemmed from the closure of the Office of Educational Technology within the U.S. Department of Education. The cuts to that office left a major hole in guidance for states and districts on cybersecurity strategy, according to the letter from district leaders.
The letter added that funding cuts at the Cybersecurity and Infrastructure Security Agency led to the discontinuation of K-12 cybersecurity programs offered through the Multi-State Information Sharing and Analysis Center. As a result, district leaders wrote, schools lost access to “critical threat intelligence, incident response, and coordination services that many school systems depend on to protect against ransomware and other attacks.”
Source link
