More than half of UK universities have reported at least one data breach to the Information Commissioner’s Office (ICO) over the last year, according to a report from managed security services provider Redscan.

According to 86 respondents of 134 UK universities approached by Redscan for Freedom of Information requests in March 2020, there were two ICO reports on average per university, with two of them reporting six each.

The report found that a quarter of universities have not commissioned a penetration test from a third-party provider. In addition, only 54% of university staff have received training in security, with spending averaging £7,529 per year. While 51% of universities proactively support students with security training and information, 12% provide students no guidance at all.

The report cites that leading research-focused universities contributed nearly £87 billion to the UK economy (according to a 2017 study by London Economics) and, as guardians of intellectual property and student data, universities are prime targets for both cybercriminals and nation states.

Moreover, says the report, with COVID-19 placing a strain on finances – and 65% of students reporting that they would be less likely to apply to institutions with a poor reputation for cyber security (HEPI, 2019) – cyber security is a significant risk.

“Even at this time of intense financial pressure, institutions need to ensure that cyber security teams receive the support they need to protect against sophisticated adversaries. Breaches have the potential to seriously impact organisations’ reputation and funding,” says Mark Nicholls, Redscan CTO.