The education and nonprofit sectors together face a heightened cyber risk in 2024 compared to two years ago, according to Moody’s Ratings, a global credit rating provider.
Global cyber risk scores for education and nonprofit organizations bumped up from “moderate” to “high” between 2022 and 2024, Moody’s recently reported in its annual cyber heat map analysis. The highest score is the “very high” level.
Sectors including education are seeing their cyber risk scores rise as a steady rate of digitization risks remain coupled with weakened cyberdefenses. “Higher education institutions have become more vulnerable due to comparatively weak defenses,” analysts wrote in the report.
According to Moody’s, higher cyber risk scores are being driven by growing digitization — which produces an “extensive digital footprint potentially more vulnerable to a cyberattack” — and below-average mitigation of cyber risks.
Other sectors with higher cyber risk scores this year include automobile manufacturers and suppliers, finance companies, mass transit, ports, and oil and gas companies.
Overall, the 24 sectors in Moody’s high cyber risk category carry a total of $23.2 trillion in high-risk debt. Education and nonprofits collectively own $356 billion of that debt.
Moody’s also noted that education has reported one of the highest rates of ransomware attacks and that the costs of cyber incidents have more than tripled in the past year. “Entities in the education and not-for-profit sector are among the least prepared when it comes to protecting their network perimeters and executing basic cyber practices like multifactor authorization (MFA) and educating staff and students about cyber risk,” the report said.
The Moody’s findings come as ongoing calls for K-12 cybersecurity are amplified at the national and state levels, and as ransomware increasingly poses a threat to shutting down school networks and straining resource-strapped districts.
Where there is available federal funding for cybersecurity supports, the needs outweigh capacity.
For instance, the Federal Communications Commission recently announced that its new cybersecurity pilot program for schools and libraries saw “strong interest” during the application process this fall. The three-year, $200 million pilot program will offer to cover the costs for cybersecurity services and equipment. The FCC said it received 2,734 applications totaling $3.7 billion in requests.
“The vulnerabilities in the networks we have in our schools and libraries are real — and growing,” said FCC Chair Jessica Rosenworcel in a Nov. 8 statement. “The overwhelming response to our pilot program makes clear that the cybersecurity threats impacting school systems are widespread.”