Colleges and universities are fast-growing cyber risk

Institutions of higher learning are a goldmine for hackers and identity thieves, as they are the guardians of their students’ most personal information – their identity. Gathering and storing the highly sensitive information of thousands of current and former students – with a new set of personal data collected annually– colleges and universities have quickly become one of the fastest growing cyber risks in the U.S.

Two big cyber liabilities plague university campuses. Limited security budgets and the lack of an official IT security manager means that IT operations at higher ed institutions are often decentralized, creating dangerous inconsistencies in data security practices. Secondly, unprotected public wireless access points across university campuses make its network more vulnerable to hacking.

Higher education institutions now account for as much as 17% of all cyber breaches, second only to healthcare.1 According to University Business Magazine, since 2005, higher education institutions – including Harvard, Penn State and the University of Maryland - have been the victim of 539 university data breaches involving nearly 13 million known records2 like students’ birth dates, social security numbers, credit card data and even medical information.

But, beware colleges and universities – you have to answer to more than just your students and board of directors these days. New federal laws, like the Family Education Rights & Privacy Act (FERPA), are challenging schools to tighten their networks and data exposures. Applying to all schools that receive federal funding, recent proposed amendments to FERPA include:

  • Schools must maintain and make available a list of all outside companies that have access to student information
  • Parents have the right to review and correct personal information collected about their children by educational apps, online homework software or any other school vendors
  • Minimize the amount of personal details disclosed about students to companies
  • Prohibit the use of students’ personal information to market products or services to them
  • Require data security safeguards to protect sensitive student data collected by companies

The financial and reputational costs that threaten colleges and universities lacking proper network security can be debilitating. Higher ed can reduce its cyber security risks and potential university data breaches by working with a skilled broker to assess network vulnerabilities, audit data security practices and institute a cyber liability insurance program to protect student and staff data campus-wide.


1. Ellucian. http://www.ellucian.com/uploadedImages/Images/Blog/DataDefense-infographic.png
2. University Business Magazine. https://www.universitybusiness.com/article/0816-wisp