December 7, 2020

Malwarebytes Finds Schools and Students Vastly Underprepared for Pandemic Cybersecurity

Survey shows more than 50 percent of schools required no new training or tools to protect students or staff during pandemic learning conditions

San Francisco, Calif. – December 7, 2020 – MalwarebytesTM, a leading provider of advanced endpoint protection and remediation solutions, today announced the results of their latest report, “Lessons learned: How education coped in the shift to distance learning,” detailing data from 500 students and 75 IT decision-makers at educational institutions to shed light on the state of cybersecurity in education during the COVID-19 pandemic. The report contains startling findings including a stark lack of training for the new learning environments and a large discrepancy between student and IT decision-maker experiences with cyberevents such as cyberattacks.

“Students during the pandemic are struggling with digital access, engagement and a severe sense of isolation. Cybersecurity should be the least of their concerns, and yet, it’s concerning to find that nearly half of educational institutions show a lack of preparedness,” said Marcin Kleczynski, CEO of Malwarebytes. “It is essential that schools – and all organizations – stop viewing cybersecurity as an afterthought; protecting our students and their data online should be a top priority for educators.”

The report uncovered that cybersecurity preparation made a significant difference in a school’s ability to weather a cybersecurity event. For respondents who engaged in a variety of cybersecurity best practices before transitioning to a distance learning model, none suffered a cyberattack, and none cancelled a single day of distance learning because of a cyberattack.

18.2 percent of these more well-prepared respondents said “teachers or students have suffered a Zoom-bombing attack” compared to the 29.3 percent of all respondents.

In addition, the report revealed major inconsistencies in the perceived experiences between IT decision-makers and students. A remarkably low number of IT decision-makers said their schools suffered a cyberattack—just 2.7 percent—and yet, 46.2 percent of students said their schools suffered a cyberattack. This statistic of students experiencing a cyberattack is even more important as they look to enroll in universities or private schools because 61 percent of students reported that a cyberattack resulted in a significant or strong impact on their trust in their school.

Other key findings from the report include:

  • 50.7 percent of IT decision-makers said that no one (not students, staff or faculty) was required to enroll in cybersecurity training before the new school year began
  • 46.7 percent of IT decision-makers said their schools developed “no additional requirements” for the students, faculty, or staff who connected to the school’s network (no cybersecurity training AND no antivirus tool installations)
  • Nearly three quarters (70.7 percent) of schools deployed new software needed for distance learning, such as Zoom, Remind, and Google Classroom
  • In preparing for the new school year, 30.7 percent of schools admitted to not being able to provide for all teachers, administrators, and staff members to work remotely, while 45.3 percent of schools could not provide all the devices needed for every student to attain an equal quality of education
  • With distance learning in full swing, concerns remain with device shortages:
    • 28 percent of IT respondents said their schools are missing laptops, computers or tablets for teachers
    • 40 percent are missing those tools for parents and students
    • 38.7 percent worry that teachers or students are too quickly using up the data on school-provided WiFi hotspots

Methodology: For this report, Malwarebytes conducted two parallel surveys. The first survey targeted 75 IT decision-makers at educational institutions across the United States. The second survey targeted 500 students enrolled in K–12; students working on obtaining a bachelor’s degree, associate’s degree, or attending trade school; and students enrolled in any post-graduate program in the United States.

For the access to the full report, “Lessons learned: How education coped in the shift to distance learning,” visit:

To read more about Malwarebytes visit their blog or website at

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.