The Severity of Cyber Attacks on Education and Research Institutions: A function of their security posture

John Chapman, Anitha Chinnaswamy, Alexeis Garcia-Perez

    Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

    7 Citations (Scopus)


    In recent years, all aspects of human life have become more and more dependent on the internet. This level of growing dependency for all purposes has led to a considerable number of cybercrimes resulting in innovative and dynamic attacks. Universities in recent years have not been immune to these incidents and Higher Education (HE) institutions are increasingly prone to cyberattacks as threat actors target the wealth of personal, financial, research and intellectual data universities possess. Although a lot of research has been undertaken on the impact of security breaches or incidents across a wide range of industries, there is limited literature on incidents affecting universities. Often, cyber security is regarded as the domain of IT specialists, with senior management and organisations not fully equipped to deal with the risks and attacks. It is becoming increasingly important to acknowledge that cyber security is not limited to the IT department but needs to be managed across an entire organisation. By analysing data previously collected by the Cyber Security Division of Jisc - the organisation that provides digital solutions for UK education and research, this research explores the cyber security of HE institutions. The original data set was complemented with network data from Jisc’s Janet network, including Denial of Service attack data, and from open source data from web searches and published university league tables and other UK status rankings. The quantitative analysis of the data allowed for the understanding of the challenges universities face and the factors that impact the severity of cyberattacks within the institutions. This research aims to determine if the posture of a university i.e. managerial, organisational and strategic aspects of an institution has an impact on the cyberattacks. It investigates the type and severity of attacks or breaches at institutions and whether there is a difference in number or severity if they have an information security certification. It further explores the institutional spend on security controls and evaluates the structure of the security team versus severity of attacks/breaches.

    Original languageEnglish
    Title of host publicationThe Severity of Cyber Attacks on Education and Research Institutions: Function of their Security Posture
    Subtitle of host publication13th International Conference on Cyber Warfare and Security
    EditorsJim Q. Chen, John S. Hurley
    PublisherAcademic Conferences and Publishing International Limited
    Number of pages9
    ISBN (Print)9781911218746, 9781911218739
    Publication statusPublished - 1 Jan 2018
    Event13th International Conference on Cyber Warfare and Security, ICCWS 2018 - Washington, United States
    Duration: 8 Mar 20189 Mar 2018


    Conference13th International Conference on Cyber Warfare and Security, ICCWS 2018
    Country/TerritoryUnited States


    • Cyber resilience
    • Cyber security
    • Cyber security management
    • Education
    • Higher education institutions

    ASJC Scopus subject areas

    • Computer Science Applications
    • Computer Networks and Communications
    • Safety, Risk, Reliability and Quality


    Dive into the research topics of 'The Severity of Cyber Attacks on Education and Research Institutions: A function of their security posture'. Together they form a unique fingerprint.

    Cite this