
What the new study says
Sophos’ latest State of Ransomware in Education report shows schools are getting better at reacting and recovering after incidents. In the past year, lower education institutions stopped 67 percent of attempted file encryptions before impact, and higher education stopped 38 percent. Ransom demands fell sharply, and average payments dropped to 800,000 dollars in lower education and 463,000 dollars in higher education. Excluding ransom payments, recovery costs plunged, yet lower education still faced the highest recovery bill of all industries surveyed. Nearly all victims that experienced encryption, 97 percent, recovered data in some way.
The progress comes with trade-offs
Attackers are adapting, including more cases of pure extortion without encryption. Schools continue to report structural weaknesses, including missing or ineffective protection, limited headcount and expertise, and known security gaps that remain unaddressed. Lower education institutions traced 22 percent of incidents to phishing, a reminder that AI now helps craft convincing emails, voice scams, and even deepfakes. In higher education, adversaries exploited unpatched vulnerabilities and unknown security gaps with uncomfortable frequency, which aligns with the sector’s role as custodian of high-value research data and models.
The human cost is rising
Every institution that suffered encryption reported impacts on IT staff. Over one in four staff members took leave, nearly 40 percent reported heightened stress, and more than a third felt guilt for not preventing the breach. As Sophos’ Alexandra Rose notes, prevention must be the priority, and that requires planning and trusted partners, especially as AI-driven tactics spread.
Why this matters for Kenya and Africa
Local schools and universities are digitising fast, which increases exposure. Kenya’s broader cyber risk picture has already been trending up, with rising ransomware activity and significant economic impact. Stronger controls in education will protect learning continuity, budgets, and community trust. Kenya’s privacy regulator has also shown willingness to penalise mishandling of student data, including cases involving minors, a signal that governance and security must advance together.
What schools can do now
1. Double down on prevention
Consolidate tools where it reduces blind spots and speeds action. Recent changes that bundle prevention-first endpoint controls directly into detection and response platforms can cut time to containment, reduce tool sprawl, and improve ransomware defenses.
2. Close visibility gaps
Continuously map both external and internal attack surfaces, then remediate exposures on a rolling cadence. Newer managed risk approaches integrate internal scanning with MDR expertise to shrink the blind-spot gap that fuels many intrusions.
3. Plan for recovery, not only defense
Backups must be isolated, tested, and fast to restore. Integrations that bring Microsoft 365 backup and recovery into the same security console that analysts use can reduce chaos during an incident and speed return to learning.
4. Fund smarter, train continuously
Pursue grants and public programs that improve resilience, including skilling for IT staff and end users. Prior efforts that targeted school security and cyber education show how outside funding can lift readiness.
5. Reduce staff burden
Round-the-clock monitoring, rapid response, and runbooks relieve pressure on small teams. Managed detection and response, tabletop exercises, and incident rehearsals help teams recover quickly when an attack lands.
Mind the skills gap
Education faces a capacity shortfall. Building local talent pipelines matters, from school programs to professional mentorships that bring more people into cyber careers across East Africa.
Methodology at a glance
Findings are based on a vendor-agnostic survey of 441 IT and cybersecurity leaders across 17 countries, conducted between January and March 2025, covering incidents in the previous 12 months. Respondents represented both lower and higher education institutions with 100 to 5,000 employees.