Educational institutions, from primary schools to universities, face a dramatic increase in cyberattacks. According to a 2025 report by the British Educational Suppliers Association, 78% of UK schools and universities experienced at least one security incident in the past year. The situation in France is scarcely better: prestigious universities like Sorbonne Université and the University of Poitiers suffered major ransomware attacks in 2024 and 2025. These attacks reveal a structural vulnerability: educational institutions typically have limited IT budgets and operate vast, heterogeneous networks difficult to secure uniformly.

Operational and academic impacts

The consequences of a ransomware attack on an educational establishment go far beyond financial considerations. An attacked institution cannot access student databases, cannot process registrations or issue diplomas. Classes are postponed, exams cancelled, student records inaccessible. A medium-sized French university estimated its recovery cost following a 2024 attack at 2.3 million euros, not counting reputational damage. For students, attacks have direct consequences: delays in diploma receipt, blocked access to online learning resources, loss of research work. Research universities are particularly affected: research data represents immense value and can be lost or exfiltrated.

Why educational institutions are preferred targets

Several factors make educational institutions attractive to cybercriminals. First, their IT infrastructure is complex and heterogeneous: hundreds of workstations, diverse and often legacy information systems, open connections to facilitate academic access. Second, they store sensitive data: student personal information, research data, intellectual property. Third, they are perceived as having limited defensive capacity and little willingness to pay ransoms, making them “easy” targets. Finally, SCADA systems used for building management (heating, electricity, climate control) often constitute secondary entry points into main networks.

Solutions and compliance

Facing these threats, institutions must implement multi-layered security strategies. This includes network segmentation, regular offline backups, user training and regular access audits. French higher education has supporting bodies: CNIL provides recommendations, and GIP-RENATER supplies secure network infrastructure for universities. However, funding remains a major obstacle. A dedicated investment plan for cybersecurity in education is needed to modernise ageing infrastructure and hire qualified IT security staff.