Cyber-attacks against UK education and research are growing more complex and sophisticated
A Jisc report shows that the number of major cyber-attacks faced by universities and colleges decreased in 2025, but the remainder require more sophisticated defence.
Our annual cyber threat intelligence report indicates growing professionalism and state sponsorship of cyber crime, further exacerbated by criminals’ adoption of artificial intelligence.
As the UK’s National Research and Education Network (NREN), we provide the Janet Network to higher education providers (HE), further education colleges (FE), and research establishments, a security operations centre (SOC), and a cyber security incident response team (CSIRT) for education and research facilities. This gives us oversight of cyber incidents and attacks against the UK education and research sector and a role in notifying universities and colleges of incidents and vulnerabilities.
Statistics in the threat intelligence report show seven major incidents recorded across HE, FE and research in 2025, down from 17 in 2024, although total incidents rose from over 11,000 to over 16,000. Distributed denial of service (DDoS) attacks fell from 976 to 418, but our analysis found an increase in attacks using more powerful and sophisticated techniques. HE providers accounted for the majority of targets with fewer attacks against FE and research institutions.
In a blog about our cyber security threat predictions, David Batho, director of security at Jisc, said:
“Cyber threats will continue to evolve in 2026, but understanding how and why they are changing is the first step to managing risk. By focusing on people, identity and resilience, our sector can strengthen its collective defences and stay ahead of an increasingly complex threat landscape.”
Cyber posture survey
Action taken by institutions to mitigate cyber-attack risks are summarised in a further report on our cyber posture survey, released to cyber security contacts at education and research institutions today. The survey of cyber security professionals revealed that ransomware and phishing remain the top threats across both HE and FE, with AI‑enabled threats now emerging more clearly.
The survey shows that 92% of HE providers benefit from dedicated cyber security staffing, reflecting their position as significant targets of cyber-attacks. Facing constrained resources, only 37% of FE colleges reported employing dedicated cyber security staff, with responsibilities often taken on by general IT managers.
Paul Knee, head of security operations at Jisc, said:
“The intellectual property generated by HE and research is an essential part of the UK economy and the IT used in its generation and dissemination is critical national infrastructure. Education and research establishments are the focus of deliberate cyber-attacks and the cyber posture survey reveals that organisations take their cyber security responsibilities extremely seriously. Jisc is here to empower organisations to fulfil those responsibilities. We’re pleased to see more and more professionals joining the Jisc cyber security community group and urge all HE, FE and research members to take up the cyber security services we provide as part of Jisc membership.”
The full threat intelligence report is available to members of our cyber security community group. Results of the cyber posture survey are shared directly with Jisc member organisations and sector-wide reports are shared with the cyber security community. The cyber security community group will be represented at next month's Digifest 2026.