
The global education sector is turning the tide against cybercriminals, according to Sophos’ latest State of Ransomware in Education 2025 report. The study of 441 IT and cybersecurity leaders reveals that schools are recovering faster, paying less, and blocking more ransomware attacks than ever before.
Sophos found that 97% of education institutions hit by ransomware were able to recover encrypted data, marking a major leap in resilience. Average ransom payments have fallen sharply—from millions to under US$1 million—and recovery costs dropped up to 77% for higher education. Lower education institutions also reported their best-ever rate of blocking attacks before encryption, stopping nearly two-thirds of them.
Still, challenges persist. Nearly 70% of schools admitted to security gaps, lack of expertise, or missing tools. The rise of AI-powered phishing and deepfake scams now threatens to undo recent gains. Sophos warns that education remains a “testing ground” for evolving cyber tactics, especially with schools handling sensitive student records and high-value research data.
“Ransomware doesn’t just disrupt classrooms—it disrupts communities,” said Alexandra Rose, Sophos Director of Threat Research. “The real win is stopping these attacks before they start.”
Leave a Reply