Date: 2025-09-11

…40% Of IT Staff Report Severe Anxiety

A new report from cybersecurity firm Sophos has revealed that the education sector is achieving measurable success in combating ransomware, though these gains are coming at a significant personal cost to its IT professionals.

The fifth annual “State of Ransomware in Education” study, released recently, found that 97% of educational institutions that had their data encrypted in an attack were able to recover it.

This recovery is happening alongside a dramatic 73% drop in the average ransom demand, a decrease of $2.83 million.

The global survey of 441 IT and cybersecurity leaders who experienced a ransomware attack in the last year shows that lower education institutions saw their average ransom payment fall from $6 million to $800,000, while higher education payments dropped from $4 million to $463,000.

The broader cost of recovery also plummeted, down 77% in higher education and 39% in lower education.

The sector is also stopping more attacks before critical encryption can occur, with lower education reporting its highest success rate in four years at 67% and higher education at 38%.

However, this progress is shadowed by a steep human toll. The study found that 100% of institutions with encrypted data reported negative impacts on their IT staff.

Nearly 40% of respondents reported their teams suffered from heightened stress and anxiety, over one in four staff members took leave following an attack, and more than a third felt personal guilt for not preventing the breach.

The report cautions that serious security gaps remain, leaving schools vulnerable.

A significant 64% of victims reported having missing or ineffective protection solutions at the time of their attack, 66% cited a lack of staff expertise or capacity, and 67% admitted to having security gaps that were exploited.

The threat landscape is also evolving, with adversaries increasingly attempting to extort money without encrypting data.

The study highlights emerging AI-powered threats, with 22% of attacks on lower education originating from phishing, a tactic enhanced by AI for creating more convincing scams.

Higher education, a prime target due to its custody of valuable AI research data, reported that 45% of attacks exploited security gaps the provider was unaware of.

Alexandra Rose, Director of CTU Threat Research at Sophos, said: “Ransomware attacks on schools are among the most disruptive and brazen crimes.

“It’s encouraging to see schools getting better at responding and recovering, but the real opportunity is to stop attacks before they start. Prevention, backed by strong incident response planning and collaboration with trusted public and private partners, is essential as adversaries adopt new tactics, including AI-driven threats.”

The data for the report was gathered from a vendor-agnostic survey conducted between January and March 2025, involving IT leaders from educational institutions with 100 to 5,000 employees across 17 countries.