Higher Education: 2023 Sensitive Content Communications Privacy and Compliance
Industry Findings and Takeaways
Communication Tools in Use
Less than 4
Average Annual Budget for Communication Tools
$350,000 – $499,999
$250,000 – $349,999
$150,000 – $249,999
$100,000 – $149,999
Number of Third Parties With Which They Exchange Sensitive Content
2,500 – 4,999
1,000 – 2,499
Less than 999
Attack Vector Weighted Score (based on ranking)
Denial of Service
Zero-day Exploits and Attacks
Man in the Middle
Malware (ransomware, trojans, etc.)
Exploits of Sensitive Content Communications in Past Year
7 – 9
4 – 6
2 – 3
Level of Satisfaction With 3rd-party Communication Risk Management
Requires a New Approach
Significant Improvement Needed
Some Improvement Needed
Minor Improvement Needed
Higher Education: A Prime Target for Cybercriminals and Rogue Nation-states
Higher education institutions are increasingly falling victim to cyber threats instigated by rogue nation-states and cybercriminals. Check Point reported a year-over-year increase of 43% in cyberattacks on the education sector.1 An abundance of personally identifiable information (PII) and intellectual property (IP), which includes national and industrial secrets and research data, is a veritable goldmine for these malicious actors. A GAO report last year found that higher education institutions with research contractors connected to the federal government and defense industrial base organizations have a serious risk of sensitive data being shared with the home countries of students and scholars studying at U.S. universities.2
Fragmented Tool Landscape Increases CapEx and OpEx
Communication tool disaggregation is one of the contributing factors behind cyber risk in higher education. Kiteworks’ 2023 Sensitive Content Communications Privacy and Compliance Report found that 91% of higher education institutions employ five or more tools for managing sensitive content communications. Disparate tools make it immensely more difficult to establish policies to track and control access to sensitive content. For higher education institutions that need to demonstrate compliance, this siloed approach makes it immensely more difficult to confirm adherence with security standards and regulatory compliance. Finally, acquiring and overseeing multiple toolsets escalates capital expenses (CapEx) and operating expenses (OpEx)—with nearly three-quarters of higher education survey respondents indicating they spend $250,000 or more annually on communication tools.
Almost 9 out of 10 higher education respondents experienced four or more exploits of sensitive content communications in the past year, highlighting a significant security concern.
Assessing Third-party Content Communication Risks in Higher Education
Higher education institutions encounter substantial risks related to third-party content communications. Two-thirds use six or more systems to track, control, and secure content communications with third parties, increasing their risk exposure. Moreover, respondents in higher education reveal that file sharing and mobile application communication channels pose the highest risk—communication channels leveraged by research students and scholars, including those from nations with a history of theft of IP and nation-state secrets.
At the same time, the breadth of third parties with which higher education institutions exchange sensitive content is substantial: 63% engage with 2,500 or more third parties, escalating the complexity and risk of secure content communication.
All of the above becomes very concerning when the maturity of governance tracking and controls is examined. For example, merely 36.5% have the ability to track and control access to sensitive content folders across all content types and departments. Seven out of 10 survey respondents admit they must enhance their strategies to mitigate risks linked with third-party content communication. This is quite high when compared to other industry responses, an indication that higher education lacks governance maturity. At the same time, it is concerning with 89% experiencing four or more exploits of sensitive content communications in the past year.
91% of higher education survey respondents say they rely on more than five disparate communication tools, with nearly 75% spending $250,000 or more each year, on average, on them.
Higher Education Must Enhance Digital Risk Management
Nearly one-third of respondents indicate they have policies for tracking and controlling content collaboration and sharing on-premises, while only one-quarter have the same in place for the cloud. Remarkably, only 36.5% of higher education institutions have governance tracking and controls on-premises and in the cloud. PII is seen as the data type posing the highest risk, with almost 40% ranking it number 1 over other data types. These statistics expose a worrisome gap in digital risk management practices within the higher education sector, emphasizing the urgent need for improvement to safeguard sensitive content better.
Kiteworks Private Content Network for Higher Education Institutions
The Kiteworks Private Content Network empowers higher education institutions to share and transmit sensitive content such as student records, research data, faculty correspondence, strategic plans, and administrative documents. With Kiteworks, higher education institutions can share sensitive student information, such as transcripts, financial aid documents, or personal data, with authorized personnel, including third parties. Professors and instructors can securely distribute course materials and resources to students, ensuring that only authorized users can access them. They can also exchange grant applications and funding data with external partners. Faculty members and researchers can collaborate on conference presentations and papers that include sensitive information.
1 “Check Point 2023 Security Report,” Check Point Research, February 8, 2023.
2 “Enforcement Agencies Should Better Leverage Information to Target Efforts Involving U.S. Universities,” U.S. General Accounting Office, June 14, 2022.