Since 2000, cyber-related cases in the higher education sector have skyrocketed, reaching an all-time high in 2012, dropping slightly in 2013, and rising again in 2014. To date in 2015, there have been 27 cases affecting colleges and universities. By all measures, this is an at-risk segment of the marketplace, owing to the significant amount of data, research, and sensitive financial and health information tracked and collected.
While colleges and universities maintain a wide variety of information, the most commonly reported information lost relates to personal financial identities, according to Advisen’s Loss Insights Database. Violation of personal privacy follows relatively close behind, while loss of business income or corporate digital assets comprises only a small amount of cases. This likely reflects both the laws and regulations requiring disclosure of exposure of personally identifiable information and the difficulty in quantifying the intellectual assets that can be lost when an academic organization suffers a security breach. The next graph reflects the cases faced by universities that lose data.
Not surprisingly, the most frequent cases that arise from lost data in the higher ed field are digital data breach cases, system/network violations, and improper disposition of printed records, according to Advisen data. Universities appear to have less of a problem with phishing scams or violation of privacy and improper collection of data. Universities maintain digital reams of data – students and faculty are generally aware of it and fine with the collection.
Illustrating the type of data lost, hacked or otherwise exposed servers are the most frequent sources of loss – a computer network containing sensitive data, with many users and many user-related vulnerabilities, may seem to be an easy target for hackers. It can also result in accidental losses, should a laptop, thumb drive, or hard drive be misplaced. Websites and emails were the second and third-most frequent cause of loss, according to Advisen data.
With the significant cyber problems faced by universities in the last decade, the steady increase in take-up rates for cyber insurance by the sector comes as no surprise. With the primary cases faced by the higher education field being data breaches, accidental or via hackers, the cyber insurance products have evolved to meet the specific need for the cost of remediating such events.
