Since 2017 we've asked our members and customers their attitudes to cyber security and what technical measures, processes and skills are in place to minimise risk.
This data helps steer Jisc’s future work in cyber security. It informs decision-making on new services, and the type of advice and guidance we provide. Our aim is to support sector leaders’ efforts to build robust cyber security strategies.
Key findings from 2022
- Cyber security remains a priority for senior leaders: a high proportion (97% of HE and 94% of FE providers) include cyber-security on their risk register and regularly report on cyber risks and resilience to their executive board (87% of HE and 79% of FE organisations)
- The numbers of organisations with dedicated cyber-security staff continues to rise in HE, with 90% reporting specialist roles, but the figure remains low in FE providers (33%)
- Ransomware/malware is identified as the top threat to HE, with phishing/social engineering second. These places are swapped for FE. Unpatched vulnerabilities are third for both HE and FE
- With accidental data breaches ranking fourth on the list of threats, security awareness training for staff remains a priority, with a high proportion in HE and FE required to undertake this every year. Student training, however, is again less common