Sophos, a leader in security solutions, has released its fifth annual report on ransomware in education. This global study of 441 IT and cybersecurity leaders shows that academies are getting better at dealing with ransomware attacks. They are making fewer ransom payments, spending less money, and recovering more quickly after attacks. However, working in IT has become really stressful for many people, with almost 40% saying they feel anxious after these attacks.
Over the last five years, ransomware has become a major problem for academies. Cybercriminals see primary and secondary schools as easy targets because they often have limited budgets and staff, but still hold sensitive information. When cyberattacks happen, they cause serious issues for academics, such as interrupted learning and privacy concerns for students and staff. If schools do not strengthen their defences, they risk losing essential resources and the trust of their communities.
The Sophos study shows that academies are improving their response to ransomware attacks, which is making criminals change their tactics.
Key findings from the study include:
Stopping More Attacks: Academies are better at blocking attacks before they can encrypt files. In lower education, 67% of attacks were stopped, and in higher education, 38% were blocked.
Lower Ransom Demands: In the last year, ransom demands fell 73%. For example, average ransom payments decreased from $6 million to $800,000 in lower education and from $4 million to $463,000 in higher education.
Reduced Recovery Costs: The costs to recover from an attack have also gone down. In higher education, recovery costs fell by 77%, and in lower education, they dropped by 39%.
Areas That Still Need Attention
Even though there is progress, there are still important issues to tackle. The study revealed:
Lack of Protection: 64% of victims reported having missing or ineffective security solutions.
Need for Expertise: 66% mentioned they didn’t have enough skilled people to prevent attacks.
Security Gaps: 67% acknowledged having weaknesses in their security systems.
Highlights of ongoing risks include:
AI-Powered Attacks: In lower education, 22% of ransomware attacks started from phishing emails, which are becoming more convincing due to AI technology.
Valuable Data: Higher education institutions, which manage important research and data, are still major targets. Many attacks were due to unknown vulnerabilities or gaps in security.
Impact on Staff: Most institutions with encrypted data reported stress on their IT staff. Over a quarter took leave after an attack, nearly 40% felt more stressed, and one-third felt guilty for not preventing the attack.
View/Download Full Report “The State of Ransomware in Education 2025”
“Ransomware attacks in education don’t just affect classrooms; they impact entire communities,” said Alexandra Rose, Director of CTU Threat Research at Sophos. “While it’s good to see academies getting better at responding, the main goal should be to prevent these attacks. This requires careful planning and teamwork with trusted partners, especially as criminals start using new tools, like AI.”