What Catholic Schools Need to Know from the Sophos State of Ransomware in Education 2025 report
- Justin St Pierre
- 1 day ago
- 3 min read
The cybersecurity landscape for Australian schools continues to evolve rapidly, with ransomware attacks representing one of the most significant threats to educational institutions. Based on survey data from 441 education IT and cybersecurity leaders across 17 countries who experienced ransomware attacks, the Sophos State of Ransomware in Education 2025 report reveals both encouraging progress and concerning vulnerabilities that directly impact how Catholic schools approach their cybersecurity strategies.

The Good News: Schools Are Getting Better at Defense
Primary and secondary schools (classified as "lower education" in the study) have made remarkable strides in preventing successful ransomware attacks. An impressive 67% of attacks against schools were stopped before data could be encrypted—the highest success rate across all industries surveyed. This represents a dramatic improvement from just 14% in 2024.
Additionally, when attacks do succeed in encrypting data, schools show strong recovery capabilities. The report found that 97% of educational institutions that experienced data encryption were able to recover their information.
Five Critical Findings
1. Phishing Remains the Primary Gateway for Attackers
Phishing has become the leading attack method against primary and secondary schools, accounting for 22% of successful ransomware incidents. Unlike universities, which face more sophisticated technical vulnerabilities, schools primarily fall victim to human-targeted attacks. This means that staff training and awareness programs represent the first and most critical line of defense.
2. Resource Constraints Create Dangerous Vulnerabilities
42% of attacked schools cited both lack of expertise and insufficient staffing capacity as the primary reasons they fell victim to ransomware. This dual challenge reflects the budget constraints and staffing limitations that many Catholic schools face.
3. Recovery Costs Remain Substantial Despite Improvements
While lower education institutions saw a 39% reduction in average recovery costs compared to 2024, schools still face the highest recovery expenses of any sector at $2.28 million per incident. These costs encompass much more than ransom payments—they include staff time, system rebuilding, lost productivity, and the complex process of restoring normal operations while maintaining educational continuity.
4. The Human Toll on IT Teams Is Severe
The report found that 100% of schools experiencing data encryption reported significant negative impacts on their IT and cybersecurity staff. These effects include increased anxiety about future attacks (41%), ongoing workload increases (40%), and feelings of guilt about the incident (37%). The research also found that 31% of teams experienced staff absence due to stress and mental health issues related to attacks.
5. Ransom Payment Trends Show Mixed Results
Half of the schools that experienced successful attacks chose to pay ransoms to recover their data. While median demands dropped significantly from $3.85 million to $1.02 million, the decision to pay remains complex. Schools paying ransoms averaged 84% of the initial demand, though many were able to negotiate lower amounts through various strategies.
Actions to Consider
1. Implement Comprehensive Anti-Phishing Programs
Given phishing's role as the primary attack vector, consider exploring human-centered security training. This goes beyond annual compliance sessions to include:
Regular simulated phishing exercises across all staff levels
Specific training for high-risk roles like finance and administration staff
Clear protocols for verifying unusual email requests, particularly those involving financial transactions or sensitive student data
Integration of cybersecurity awareness into ongoing professional development programs
2. Develop Comprehensive Incident Response and Recovery Plans
With recovery costs averaging over $2 million, many Catholic schools cannot afford to improvise their response to ransomware incidents. Essential planning elements include:
Documented incident response procedures that clearly define roles and communication protocols
Regular testing of backup and recovery systems, including verification that restored data maintains integrity
Pre-established relationships with cybersecurity specialists, legal counsel familiar with Australian privacy laws, and communication professionals
Clear governance frameworks for ransom payment decisions that align with Catholic social teaching principles
Support systems for IT staff and the broader school community during and after incidents
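The backup-verification point above is the one item in this list that can be automated. As an added example (not from the report or the original post), the script below builds a SHA-256 manifest of a backup set at backup time and later checks a restored copy against it, reporting files that are missing, silently corrupted, or unexpected; the school file names and contents are constructed for the drill.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_restore(manifest: dict[str, str], restore_root: Path) -> dict[str, list[str]]:
    """Compare a restored tree against the manifest captured at backup time."""
    restored = build_manifest(restore_root)
    return {
        "missing": sorted(p for p in manifest if p not in restored),
        "corrupt": sorted(p for p in manifest if p in restored and restored[p] != manifest[p]),
        "unexpected": sorted(p for p in restored if p not in manifest),
    }


def restore_drill() -> dict[str, list[str]]:
    """Constructed drill: a tiny backup set, then a restore with one truncated and one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, restore = Path(tmp) / "backup", Path(tmp) / "restore"
        files = {  # constructed sample data, not real school records
            "sis/students.csv": b"id,name\n1,Constructed Student\n",
            "sis/timetable.json": b'{"term": 1}',
            "policies/acceptable_use.txt": b"Constructed policy text\n",
        }
        for rel, data in files.items():
            (backup / rel).parent.mkdir(parents=True, exist_ok=True)
            (backup / rel).write_bytes(data)
        manifest = build_manifest(backup)  # store this separately from the backup media
        # Simulate the restore: one file intact, one silently truncated, one never restored.
        (restore / "sis").mkdir(parents=True)
        (restore / "sis/students.csv").write_bytes(files["sis/students.csv"])
        (restore / "sis/timetable.json").write_bytes(b'{"term"')
        return verify_restore(manifest, restore)


if __name__ == "__main__":
    print(restore_drill())
```

Keep the manifest somewhere the backup job cannot overwrite, since a manifest rewritten alongside encrypted backups verifies nothing.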
The Path Forward
While ransomware remains a significant threat to Catholic schools, effective defense is achievable with proper preparation. The dramatic improvement in attack prevention rates shows that schools can successfully protect themselves when they implement appropriate measures.
The cybersecurity challenges facing schools are complex, but they are not insurmountable. With appropriate planning, investment, and collaboration, Catholic schools can maintain their technological capabilities while protecting the trust that parents and communities place in their care.
View the full report below