You have /5 articles left.
Sign up for a free account or log in.

Higher education institutions have increased their cybersecurity budgets as more universities fall prey to cyber attacks, Moody’s Investor Service says in a report.

The bond ratings agency reports that higher education institutions allocating a portion of their budget to cybersecurity increased more than 70 percent from 2019 to 2023.

Despite the new spending jump, universities still focus less on cyber spending than other institutions do. In 2023, the higher education sector’s average budget allocation was 7 percent for cybersecurity, below the global average’s 8 percent of spending.

Moody’s Global Cyber Risk Issuer Survey was released Wednesday, polling 114 universities from across the globe on their cybersecurity habits and spending. The last time the company conducted a cybersecurity-focused survey was in 2021.

Higher ed institutions have found themselves in cybersecurity turmoil over the last few years as hackers seek to gain access to faculty and student data. According to Moody’s, institutions that run research or medical centers are at particular risk of hacks, due to the financial and personal data.

While smaller institutions had a bigger jump in cybersecurity spending, they still trail behind larger universities. Roughly one-third of small institutions, or those with less than $250 million in cash and investments, had a dedicated line item to cybersecurity spending in their budgets. Comparatively, 84 percent of large institutions—those with $1 billion to $5 billion in cash and investments—had dedicated cybersecurity line items. More than 90 percent of “extra large” institutions—which have more than $5 billion in cash and investments—had a dedicated cybersecurity line item, according to the report.

Nearly all medium, large and extra-large institutions (95 percent) have a response plan should a cyber attack occur, while 83 percent of small institutions could say the same.

Part of that could be attributed to larger institutions having dedicated staff focused on cybersecurity. According to the report, 100 percent of large and extra-large institutions have cyber staff. That dips to slightly less than 90 percent for medium institutions, or those with $250 million to $1 billion in cash and investments. Small institutions have an even larger drop, with roughly 65 percent having dedicated staff.;