New cyber insurance requirements place high demands on education

The education sector currently faces the highest volume of cyberattacks of any sector, with 60% of educational institutions (higher and lower) suffering ransomware attacks in 2021. Cyberattacks are a source of significant cost and can cause major disruption to school operations, which was the case of the recent attacks at UMass and Baltimore County Public Schools. The UMass Lowell attack shut down the campus for nearly a week, and Baltimore County Public Schools spent more than $8.1 million to recover from its security breach – only a portion of which was covered by cyber insurance

K-12 administrators are also facing mounting pressure from the federal government to address cybersecurity gaps in its infrastructure that could place student privacy at risk. Following a recent study of cybersecurity in K-12 schools in which the US Government Accountability Office (GAO) determined that Education should take additional steps to protect K-12 schools from cyberattacks, Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) was tasked to review its K-12 cybersecurity plans. Further, the recently-passed K-12 Cybersecurity Act also tasked CISA to create new K-12 cybersecurity guidelines. While these tasks signal federal recognition of the growing cyber threats in education, neither report has resulted in mandated security standards. 

While the federal government has not yet mandated minimum security requirements, higher and lower education institutions are facing the need to improve security from another source: cybersecurity insurance (or “cyber insurance”). However, many institutions are finding that cyber insurance premiums continue to rise to extremely high costs due to the continued increase in cyberattacks.

Finding cost savings on cyber insurance with MFA

The growing risk of attack is driving up cyber insurance premiums, which have spiked by as much as 300% in targeted industries such as education. The higher premiums don’t mean higher cyber insurance coverage, and in fact, administrators are finding themselves facing lower coverage limits. This is also only if schools can find an insurer who will cover them: four in ten schools say fewer cyber insurance providers are offering them coverage than a year ago.

To combat the risk, most insurance carriers are adopting new minimum standards for security, and 49% of schools report facing an increase in the minimum level of cybersecurity they must put in place in order to qualify for cyber attack insurance. 

One of the most universally-required minimums is multi-factor authentication (MFA).

Higher education and K-12 schools looking to maintain or apply for cyber insurance will now need to implement MFA – and in some cases phishing-resistant MFA depending on the cyber insurance provider – or face being denied coverage. These new requirements, if not met, could expose a school to significant financial risk if targeted by hackers, phishing attacks, or ransomware attacks. 

Unfortunately, educational institutions face significant barriers to MFA adoption, from training challenges to budget pressures. While there is a strong push to expand E-Rate funding for cybersecurity investments, it is important to come up with a plan to rollout MFA in a way that balances security with resource challenges and end-user flexibility, while ensuring there are no gaps in MFA coverage. 

The good news is that for those organizations that are proactively implementing MFA for the upcoming 2022-2023 year, significant cost savings can be found not only in avoiding costly cyber attacks and saving IT time on costly password resets, but also on premiums. “The more your insurer trusts your cybersecurity infrastructure, the more likely you are to pay a lower premium, especially if you’re aligned with all government regulations,” notes J.P. Pressley in a recent EdTech article.

For more on how to build a flexible and resilient MFA program in education, read our latest whitepaper: Graduating from legacy MFA to modern authentication. For more information on cyber insurance premiums and cyber security insurance requirements, check out our recent webinar here.

Talk to our teamTalk to our team

Share this article:


  • Future-proofing authentication: A look at the future of post-quantum cryptographyThe path from passwords to passkeys and beyond In a previous blog I talked about the end of passwords and the rise of passkeys, which promise stronger security and less frustration for both individuals and businesses. The global momentum behind passkeys represents one of the most exciting shifts in authentication history, but realizing their full […]Read more
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more