Education Sector Strengthening Against Ransomware, but IT Teams Pay Personal Price: Sophos

• 15 Sep 2025
• TM Team
• 0 Comments

Sophos, a global leader and innovator of advanced security solutions for defeating cyberattacks,  released its fifth annual Sophos State of Ransomware in Education report. The global study of 441 IT and cybersecurity leaders shows the education sector is making measurable progress in defending against ransomware, with fewer ransom payments, dramatically reduced costs, and faster recovery rates. Yet, these gains are accompanied by mounting pressures on IT teams, who report widespread stress, burnout, and career disruptions following attacks – nearly 40% of respondents reported dealing with anxiety.

Over the past five years, ransomware has emerged as one of the most pressing threats to education – with attacks becoming a daily occurrence. Primary and secondary institutions are seen by cybercriminals as “soft targets”—often underfunded, understaffed, and holding highly sensitive data. The consequences are severe: disrupted learning, strained budgets, and growing fears over student and staff privacy. Without stronger defenses, schools risk not only losing vital resources but also the trust of the communities they serve.

Indicators of Success Against Ransomware

The new Sophos study demonstrates that the education sector is getting better at reacting and responding to ransomware, forcing cybercriminals to evolve their approach. Trending data from the Sophos study reveals an increase in attacks where adversaries attempt to extort money without encrypting data. Unfortunately, paying the ransom remains part of the solution for about half of all victims. However, the payment values are dropping significantly, and for those who have experienced data encryption in ransomware attacks, 97% were able to recover data in some way. The study found several key indicators of success against ransomware in education:                                                           

Stopping More Attacks: When it comes to blocking attacks before files can be encrypted, both lower and higher education institutions reported their highest success rate in four years (67% and 38% of attacks, respectively).

Following the Money: In the last year, ransom demands fell 73% (an average drop of $2.83M), while average payments dropped from $6M to $800K in lower education and from $4M to $463K in higher education.

Plummeting Cost of Recovery: Outside of ransom payments, average recovery costs dropped 77% in higher education and 39% in lower education. Despite this success, lower education reported the highest recovery bill across all industries surveyed.