Simply 22 % of chief know-how officers say college students at their establishment obtain enough cybersecurity coaching, in keeping with Inside Increased Ed’s 2026 Survey of Campus Chief Expertise/Info Officers. By comparability, 68 % say college and employees obtain enough coaching. One other 70 % say their establishment’s management prioritizes cybersecurity investments.
College students constituting a niche of their establishments’ cybersecurity ecosystems is nothing new. In final yr’s survey, simply 26 % of CTOs reported requiring pupil cybersecurity coaching, versus 79 % for college and 86 % for administrative employees.
Extra on the Survey
On Wednesday, June 10, at 2 p.m. Japanese, Inside Increased Ed will current a free webcast that includes skilled panelists to debate the survey findings and what it takes to steer on know-how in right this moment’s quickly shifting postsecondary panorama. Register for that dialog right here, even should you can’t attend stay.
Inside Increased Ed’s 2026 Survey of Campus Chief Expertise/Info Officers was performed by Hanover Analysis. The survey included 130 know-how leaders, principally from private and non-private nonprofit establishments, for a margin of error of eight proportion factors. Obtain the total outcomes right here.
However cybersecurity threats to greater schooling are solely growing, because the latest assault impacting the Canvas studying administration system underscored. And synthetic intelligence guarantees to speed up this pattern. Convincing phishing assaults, as an example, are a lot simpler to draft, personalize and deploy at scale with AI. Agentic instruments characterize new dangers. And fashions have additionally been used to find and weaponize “zero-day” vulnerabilities—these beforehand unknown to builders—in software program methods. This spring, AI big Anthropic mentioned it was withholding its personal Claude Mythos mannequin from public launch because of its unprecedented skill to use such weaknesses. That reportedly induced the White Home to rethink its laissez-faire method to AI regulation, although an government order issued final week introduces a voluntary oversight framework for brand new fashions.
Cybersecurity can also be a rising concern for CTOs in 2026: Almost six in 10 (59 %) establish essential cybersecurity breaches or ransomware incidents as a prime institutional danger by 2030, making it the second-most-cited risk, behind issue recruiting and retaining IT expertise (62 %). The No. 3 risk is unsustainable value trajectories for know-how providers (56 %). These components are a minimum of considerably associated: With scarce sources, establishments should triage who and what will get cybersecurity consideration. Traditionally, college and employees have been prioritized, given their entry to delicate data by advantage of their roles. However specialists instructed Inside Increased Ed that persevering with to place pupil cybersecurity on the again burner hurts not solely the establishment however college students themselves.
“Most universities don’t implement cybersecurity coaching for college students, which opens up that class of customers to be at a better danger than others,” regardless of their being the biggest campus constituency, mentioned Rob Groome, chief data officer on the College of Southern California’s Institute for Artistic Applied sciences. “Universities normally want to have interaction the scholar inhabitants early on within the admission course of relating to cybersecurity expectations, as soon as they’re accepted. This can create a tradition with the incoming pupil inhabitants, and the necessities will simply be a part of their journey by the college.”
Ben Woelk, governance, consciousness and coaching supervisor for Rochester Institute of Expertise’s Info Safety Workplace, defined that many college members have entry to useful analysis knowledge, whereas directors and employees members deal with different kinds of delicate institutional data—making them essential teams for coaching. However whereas college students could not have entry to their school’s highest-value knowledge, they’re typically amongst its most susceptible targets. On this gentle, pupil cybersecurity coaching is as a lot about defending them as defending the establishment.
“Throughout greater schooling, we’re seeing college students focused in credential theft in order that the attacker can try and file tuition refund requests,” Woelk mentioned, including that these occasions might be cyclically timed round key dates within the educational calendar. Moreover, “We’ve had incidences of attackers victimizing worldwide college students with visa-related scams.”
On this latter type of scheme, Woelk mentioned worldwide college students obtain messages, together with calls or texts, that seem to return from authorities companies or regulation enforcement officers warning of visa issues—queries which will appear extra credible within the present political atmosphere. Victims are pressured into sending cash, typically shedding 1000’s of {dollars} inside 24 hours. The Federal Bureau of Investigation and faculties and universities themselves have warned college students about such assaults.
Job scams focusing on college students have additionally turn out to be widespread, Woelk continued, with hackers promising versatile campus employment in alternate for private or monetary data. Usually the preliminary e mail comes from an account that seems to belong to the scholar’s establishment.
“Is it a direct danger to the college? No, not a lot,” Woelk mentioned of a few of these incidents. “However it’s a horrendous affect on the scholars.”
Staying Present
At RIT, cybersecurity fundamentals are included within the digital pupil orientation curriculum. The coaching is much like what college and employees members obtain, however tailor-made to college students’ distinctive vulnerabilities and extra centered on storytelling and real-world eventualities. Woelk mentioned his group has additionally labored with worldwide pupil affairs leaders to lift consciousness. The college has experimented with cybersecurity escape rooms, on-line and off, to extend engagement.
Pupil consideration and employees capability are challenged throughout greater ed, he mentioned, however the case for proactive protection is powerful: Hackers “can ship out 10,000 emails, as many as they want, and in the event that they get half of 1 % to reply and provides issues up, they’re nonetheless getting some return on funding … The attacker doesn’t need to be subtle.”
‘Don’t click on the hyperlink’ appears quaint towards a device the scholar intentionally put in.”
—Strategist Aviva Legatt
Strategist Aviva Legatt, creator of the Increased Ed AI Playbook e-newsletter, agreed that pupil cybersecurity coaching is a worthwhile pursuit—and that it’s a fast-moving goal. Whereas it used to imply “recognizing a careless phishing e mail,” she mentioned, “the latest layer is autonomous brokers—agentic browsers and open brokers like OpenClaw—that college students set up and level at their very own accounts, then let act on their behalf contained in the LMS, e mail, even monetary help portals, utilizing the scholar’s personal reputable entry, and with no guardrails the establishment controls.” This intersects with knowledge governance, she continued, as some college students function faculty officers in ways in which make them topic to federal pupil privateness legal guidelines.
“‘Don’t click on the hyperlink,’” Legatt added, “appears quaint towards a device the scholar intentionally put in.”
CTOs are additionally involved concerning the rise of agentic AI browsers: 26 % agree that they’ve turn out to be a severe privateness and/or security subject at their establishment, whereas 24 % agree they’ve turn out to be a severe educational integrity downside.
