Universities, a prime target for cyber attacks, are seeing some relief because of the war in Ukraine
By: Conner Woodruff
Posted on:
ATHENS, Ohio (WOUB) — Universities are one of the most attractive targets for cyber attacks because of the wealth of digital information they store.
Though there has been a dramatic uptick in cyber breaches and hacking activity over the last few years, resulting in soaring prices for insurance, the war in Ukraine has given universities and their insurers a break from the pressure.
Over the last decade, organizations around the country have realized the value of strong cybersecurity insurance. With the pandemic forcing nearly all organizations to increase their online presence, universities have never been more exposed to the risk of fraud or internet thievery.
“There are constant attacks,” said Larry Wines, director of enterprise risk management and insurance at Ohio University. “At Ohio University we have $5 million in cyber liability coverage.”
Universities are prime targets for cyber attacks because they hold millions of records on individuals and organizations.
Many higher education institutions either had the minimum cybersecurity liability protection or none at all just five years ago, but the recent and expensive threat of ransomware made insurance a necessity.
Cost and number of attacks are soaring
Ransomware is a type of invasive computer programming that locks an organization’s files behind a paywall. The average ransom payment has nearly doubled in just one year, to over $1.5 million, according to “The State of Ransomware 2023,” a report by Sophos, a global cybersecurity company.
“About three to four years ago, ransomware really took off,” said Kevin Hewgley, senior vice president of financial services at Lockton Companies, an international insurance and risk management firm.
Ransomware attacks around the world are predicted to cost victims a collective $265 billion by 2031, with a new attack every two seconds, according to Cybersecurity Ventures’ “2022 Ransomware Market Report.”
Ransomware poses a bigger threat to universities than other organizations. Colleges are often tied to an area’s infrastructure and sometimes serve as a town’s only healthcare or essential service provider. Once a university has fallen victim to ransomware, all operations could stall.
“The implications of taking your system down are just so broad reaching,” Hewgley said. “Some schools have nuclear reactors or airports attached to them.”
Hewgley refers to these effects as “downstream losses,” where organizations lose more in the halting of business than the ransom demand itself.
Even before the pandemic lockdown, cybersecurity risks were viewed as one of the biggest threats to higher education nationwide. In a survey by United Educators, data security was considered the second biggest risk to higher education facilities in 2019-2020, second only to enrollment.
Lincoln College in Illinois was forced to close in May 2022 after suffering a ransomware attack.
Cybersecurity insurance rates skyrocketed nationwide in response to the growing threat, with many insurers hesitant to provide protection to universities that could be easily susceptible to an attack.
“Everybody was scrambling to try to maintain whatever coverage they had,” Hewgley said.
Hackers’ focus has shifted with war in Ukraine
But this year has seen a drop in cyber insurance rates because of the war between Russia and Ukraine.
According to Lockton Companies, many of the bad actors responsible for the ransomware infestation operate from the Russia/Ukraine region. With the conflict consuming both countries, many hackers have started using their software to attack enemy forces.
“We saw a dramatic drop in ransomware events in the West and in the EU (European Union),” Hewgley said. “Some would say that drop was up to 80%. It was significant.”
“We’re cautiously optimistic,” Wines said about the current state of the cyber insurance market.
Hewgley noted there could be a resurgence in ransomware attacks if the war in Ukraine dies down.
Looking ahead, experts say it’s important to be prepared for anything.
“We have to stay vigilant,” Hewgley said. “We’re constantly working to identify the next risks.”
The implications of artificial intelligence are concerning for insurance providers. With automated programs capable of forging invoices or deepfakes being used to get through facial recognition software, AI continues to be analyzed by insurers.