two female students walking with books
News

Cybersecurity knowledge grows, but practice lags behind

Knowledge of information security within the education and research sector has grown, but there remains a need for concrete support. That is one of the conclusions of the security and privacy awareness survey SURF and BDO Cybersecurity conducted among 27 institutions. The survey contains concrete advice that institutions can implement immediately.

The survey shows that employees in education and research mainly want clarity on how to process sensitive data and which tools they can use to do so. In addition, they indicate that they do not know how to report security incidents and data breaches.

Importance clear, urgency lacking

Although respondents recognise the importance of information security, many of them do not feel enough urgency to take concrete action. This is partly due to the lack of a strong security culture. Some respondents say it would help if security and privacy rules were less non-committal.

Concrete advice for institutions

With the following advice from the report, you can immediately start working within your institution to increase awareness around cybersecurity:

  • Align awareness campaigns with the daily work of your staff, so they recognise situations.
  • Make reporting incidents or data breaches as easy as possible, for example by posting short instructions at workstations.
  • Invest in training on specific topics, such as dealing with personal data, and thus strengthen the security culture.
  • Make security and privacy an integral part of the onboarding process of new employees.

About the awareness measurement

In 2024, over 6,300 respondents from 27 institutions (wo, hbo, mbo, libraries and research institutes) took part in SURF and BDO Cybersecurity's fourth cybersecurity awareness survey. The average score of participating institutions was a 6.7, slightly better than the 6.5 in 2023. In 2022, the score was still a 5.9.

Download the survey
Security- en privacy-awarenessmeting 2024

October = cybersecurity month

In the month of October, organisations worldwide pay extra attention to cybersecurity (awareness). On the SURF Security Expertise Centre website, you will find an overview of all activities and interesting content. We will continuously update the overview during the month. If you want to start an awareness campaign within your institution, use SURF's Cybersave Yourself.