October 6, 2022
Most of the colleges whose debt S&P Global Ratings evaluates say they haven’t had a serious data breach, but institutions should still invest in steps to mitigate risks in the face of increasing and evolving cyberattacks, it said in a recent report.
Only 13% of institutions with cyber insurance in S&P’s portfolio reported a data breach because of a cyberattack.
Cyber insurance policies are getting more expensive for the higher ed sector. Policy renewals are typically increasing prices by between 40% and 60%, with some premium increases hitting the triple digits, S&P said.
Warnings about cyberattacks targeting colleges come from all sides. Corporate experts suggest ways to stave off breaches. Companies publish research about the sector’s lack of readiness. The FBI has flagged university login credentials being for sale online.
If that’s not enough to get leaders’ attention, additional reminders of the issue come in the form of a steady drip of colleges sharing news that they’ve been hacked.
S&P’s report, issued at the end of September, looks at the issue from the perspective of financial risk. The ratings agency looked at 447 colleges whose debt it evaluates, giving insight into financial and governance considerations that can insulate bondholders from risk — or expose them.
More than half of those institutions have cyber insurance. On average, their coverage limit is $7.8 million, S&P found.