Report

Cyber security posture surveys

Gauging how the UK education and research sectors are dealing with the evolving threat of cyber attacks.

Since 2017 we've asked our members and customers their attitudes to cyber security and what technical measures, processes and skills are in place to minimise risk. 

This data helps steer Jisc’s future work in cyber security. It informs decision-making on new services, and the type of advice and guidance we provide. Our aim is to support sector leaders’ efforts to build robust cyber security strategies. 

Key findings from 2022

  • Cyber security remains a priority for senior leaders: a high proportion (97% of HE and 94% of FE providers) include cyber-security on their risk register and regularly report on cyber risks and resilience to their executive board (87% of HE and 79% of FE organisations)
  • The numbers of organisations with dedicated cyber-security staff continues to rise in HE, with 90% reporting specialist roles, but the figure remains low in FE providers (33%)
  • Ransomware/malware is identified as the top threat to HE, with phishing/social engineering second. These places are swapped for FE. Unpatched vulnerabilities are third for both HE and FE
  • With accidental data breaches ranking fourth on the list of threats, security awareness training for staff remains a priority, with a high proportion in HE and FE required to undertake this every year. Student training, however, is again less common

Download the latest surveys

Higher education

Further education

Previous cyber posture survey reports

You can access the earlier years of the survey by contacting your relationship manager.

About the author

john chapman profile
Dr John Chapman
Director information security policy and governance

I have oversight and responsibility for policy and governance related to information security, data and advice and guidance concerning wider regulatory issues that are relevant for Jisc, the Janet network and our members.