Security Conference 2025: why it’s time to act on tackling cyber threats
Cyber threats demand UK education and research institutions build resilience, enforce governance, and respond swiftly to protect students, assets, and operations.
The UK has never been more vulnerable to attack by cyber criminals. High-profile incidents like the M&S hack make national headlines, but every day thousands of attempts are made to breach the security of businesses, individuals and educational institutions.
At Jisc, we urge our members to operate under the assumption that their organisation has already been breached - because only by confronting this reality can they take decisive, immediate action to fortify their digital infrastructure.
"Attacks are becoming more frequent, more sophisticated, and more disruptive."
The UK government recently issued a ministerial letter to boards and CEOs nationwide, underscoring the growing scale and seriousness of hostile cyber activity. The message was clear: attacks are becoming more frequent, more sophisticated, and more disruptive, and organisations must strengthen their resilience now, not later.
It urges leaders to treat cyber risk as a core strategic priority and to use the new Cyber Governance Code of Practice as their guide. The Code outlines the essential steps boards and executives should take to ensure strong cyber resilience, from establishing clear accountability and oversight, to ensuring the organisation can respond to an attack, maintain critical services during disruption, and recover quickly and safely after a major incident.
The letter says that more than 90% of company boards now recognise cyber security as a critical priority – but just recognising the threat is not enough. In the words of the government’s ongoing campaign around the issue, it’s time to act.
The hardest challenge in cyber security
At Jisc, we often describe safeguarding the education and research sector as one of the most complex challenges in cyber security. The sector’s diverse technology landscape, legacy systems in some areas, and varying levels of cyber maturity create a broad and dynamic attack surface. Add to this the constant movement of users, peaks of intense operational activity such as admissions and clearing, and the presence of highly valuable research and personal data, and it becomes clear why the sector faces persistent and evolving cyber risks.
"Education and research is a sector like no other, and so it needs a unique approach to cyber security."
Yet these same characteristics also make the sector innovative, open, and collaborative. Strengthening resilience is not just about addressing vulnerabilities—it’s about enabling institutions to continue advancing education and research with confidence.
The financial impact of cyber incidents is significant. In 2024/25, our cyber protection systems handled 367 billion potential queries served across the UK tertiary education and research sector. The average cost to an institution of a major incident is around £2 million – and when spread across an average student and staff population of 12,500, that equates to around £157 per person.
Education and research is a sector like no other, and so it needs a unique approach to cyber security.
We are uniquely positioned to support you
We are not just a service provider, but an expert technology partner, fully embedded in the education and research community.
Our mission is to strengthen the collective cyber resilience of the UK’s tertiary education and research sector, giving institutions the tools, expertise, and support to protect themselves against increasingly sophisticated threats. Our Security operations centre (SOC) represents the gold standard in proactive threat prevention and response for the sector.
Our not-for-profit model frees us from commercial constraints and allows us to work constructively with vendors, negotiate collective licensing terms on behalf of members and reinvest into improving services and security capabilities.
At the heart of our offering is the unique Janet Network, the UK's national research and education network (NREN). Janet is the UK’s most secure, high-capacity network – engineered for performance, resilience, and sector-specific needs.
Janet gives us a significant advantage over other SOC providers, as we effectively act as your institution’s ISP with oversight of the whole network. We have complete visibility of incoming threats, for example with the ability to respond to a hacking attempt on one university by deploying defences to all our members.
Our partnerships with global threat intelligence partners ensure our SOC matches or exceeds the detection and prevention capabilities of commercial providers, and our in-house expertise is enhanced by threat intelligence from a sector-wide cyber community sharing information across institutions.
Join us at Security Conference 2025
Cyber resilience as the foundation that provides sustainable growth for institutions is the theme for our Security Conference 2025. The event, held on 25 and 26 November at Manchester Central, with selected sessions available online, will bring together IT, security and digital leaders from across education, research and the public sector to gain actionable insights, connect with peers and explore solutions to strengthen resilience.
We’re hosting a key session at the Security Conference for those interested or currently using our SOC to learn more. We’ll explore our SOC’s evolution, threat trends, and the roadmap for the future.
Claim your free Security Conference 2025 tickets
All Jisc members and customers are eligible for two free in-person tickets to this year’s event, with in-person registration set to close on 19 November. Find out more by contacting your relationship manager.
About the author