More than half of UK universities reported a data breach to the Information Commissioner’s Office (ICO) last year, according to a new report from security firm Redscan.
The company delivered Freedom of Information (FoI) requests to 134 universities in the country and received confirmation of an incident from 86. Of those that did respond, almost half employ staff who have received no cybersecurity training.
On average, universities spend less than $10,000 a year on security training; some spend nothing at all, while others spend up to $63,000. One top Russell Group university, meanwhile, admitted it has trained only 12 percent of its staff.
On average, UK universities employ three qualified cybersecurity professionals, and almost a quarter of institutions have not hired a third party to conduct a penetration test.
According to the report, roughly half of universities are proactive in their approach, providing security training and information to students.
For Mark Nicholls, CTO at Redscan, the lack of training and penetration testing should be a source of concern.
“These are foundational elements of every security program and key to helping prevent data breaches,” he explained.
“Even at this time of intense budgetary pressure, institutions need to ensure that their cyber security teams receive the support they need to defend against sophisticated adversaries. Breaches have the potential to seriously impact organizations’ reputation and funding.”
“The threat posed to universities by nation state attackers makes the need for improvements even more critical. The cost of failing to protect scientific research is immeasurable.”