Cyber Threat Assessment Education and Research 2020-2021

How did cybersecurity develop in education and research in 2020? What were the main threats and risk factors? What is the state of resilience of institutions? And what are the expected trends for 2021? You can read all about it in the Cyber Threat Assessment 2020-2021.

Omslag van het rapport van het Cyberdreigingsbeeld

Maastricht University incident and corona

The ransomware incident at Maastricht University at the end of 2019 and the covid-19 pandemic have largely set the agenda for 2020. Due to covid-19, institutions had to switch to online education and working from home from one moment to the next. Both incidents caused many institutions to make additional efforts in the area of cybersecurity.

Number of incidents increased

Compared to 2019, the survey shows no major shifts in the types of threats observed. Acquisition and disclosure of data, identity fraud and Disruption of IT facilities are still the most common threats. The Acquisition and misuse of IT resources has increased in 2020. However, the number of incidents has increased again in 2020. The number of phishing attacks in particular has risen sharply. Ransomware attacks have not shown a strong increase in the Netherlands. The increase in the threat from state actors also requires more attention to be paid to knowledge security.

Additional investments in resilience

The survey shows that, in response to the incident at Maastricht University, many institutions have made additional investments in measures to increase their resilience. The education and research institutions again scored their own cyber resilience higher than in the previous year. The average score is 6.5, whereas in 2019 it was 6.3.

New tooling makes institutions more dependent on cloud providers

With regard to phishing incidents, it is noticeable that cybercriminals are becoming more and more engrossed in the organisations they want to attack. They purposefully approach specific officials within the organisation. To facilitate distance education and working from home, institutions are making use of new tooling, including video conferencing tools and tools for online proctoring. This often makes institutions even more dependent on a limited number of large cloud providers, which can disrupt continuity in the event of a disaster.

More cyber security collaboration in education and research

In the 2019 Cyber Threat Assessment, we called for more collaboration in order to better face threats. In 2020, we have indeed increased collaboration both within and outside the education and research sector. The scarcity of cyber security expertise and the expected decline in funding following the covid-19 pandemic also reinforces the need for collaboration.


The report concludes that at first glance it does not differ much from the 2019 report. However, further analysis of incidents reveals new developments. There are other actors and increased complexity of attacks. Furthermore, investing in training and awareness is becoming increasingly crucial, so that users also become more resilient to the latest threats. Finally, greater dependence on a small number of large cloud providers from outside the EEA makes education and research vulnerable.

infographic cyberdreigingsbeeld 2020-2021

Infographic Cyber Threat Assessment 2020-2021

About the Cyber Threat Assessment

The Cyber Threat Assessment 2020-2021 is the seventh threat assessment concerning education and research. This report is based on a survey of employees of educational and research institutions and on public sources. In the survey, we asked what risk factors SURF's target group considered the most important, what incidents had occurred and what level of resilience the institutions had.

See also: Higher Education Risk and Threat Assessment 2021 (IV-HO)

The Platform for Integral Safety in Higher Education (IV-HO) has produced a new edition of the 'Risk and Threat Assessment for Higher Education'. This report provides an overview of all the risk and threat information relevant to the sector for the thematic subtopics of integral safety. It describes how the risks and threats to higher education are developing, in a similar way to SURF's Cyber Threat Assessment. It thus provides management information for the sector.

Download the Risk and Threat Assessment for Higher Education 2021 report on the IV-HO website (in Dutch)

Similarities and differences between these reports

Both reports use surveys to gather the knowledge and expertise of institutions. The Cyber Threat Assessment goes in depth in the area of cyber security, whereas SURF's survey focuses mainly on information security and cyber incidents. The IV-HO Risk and Threat Assessment 2021 provides a broader overview so as to provide management information for the internal dialogue within the institutions about the opportunities and risks for education and research. The Cyber Threat Assessment is published by SURF. The HO Risk and Threat Assessment 2021 by IV-HO in collaboration with COT, the Institute for Security and Crisis Management.