SCHOOLS and universities worldwide saw a sharp rise in cyber incidents last year, driven by geopolitical tensions, ransomware and hacktivism, according to Quorum Cyber. The firm’s 2026 Global Cyber Risk Outlook for Higher Education is compiled from FalconFeeds[.]io threat intelligence data covering the period November 2023 to October 2025 and shows total recorded incidents increasing 63% from 260 attacks between November 2023–October 2024 to 425 in November 2024–October 2025.
Across 67 countries, data breaches rose by 73%, hacktivist activity increased by 75% and ransomware went up by 21%. The threats come from various sources, with universities facing nation-state efforts to steal high-value research materials, and rising hacktivist-related DDoS attacks, defacement and data-leak threats, including ramping up of activity from Iranian threat actors.
Infostealer malware and financially motivated ransomware remained persistent, with FunkSec (23%), Cl0p (10%), INC (10%) and Nova (10%) among the most prolific groups. Ambrose Neville of Queen Mary University of London noted that attacks aim to interrupt teaching, research and day-to-day operations, emphasising the sector’s need for security resilience and early threat spotting.