Cyber threat assessment report education and research 2021-2022

How did cybersecurity evolve in education and research in 2021? What were the main threats and risk factors? What is the state of institutions' resilience? And what are the expected trends for 2022? You can read about it in the Cyber Threat Assessment report 2021-2022.


Omslagbeeld Cyberdreigingsbeeld onderwijs en onderzoek 2021-2022

Covid-19 pandemic

Education and research were also dominated by the covid-19 pandemic in 2021. As in 2020, this did not lead to an abnormal cyber threat scenario. However, we do see that the intensity of incidents within the sector has increased again. The incident in late 2019 at Maastricht University and this increased intensity also led to even more political attention to the state of cybersecurity in our sector in 2021. Moreover, this has further driven the discussion on public values. Institutions also increasingly see the importance of collaboration and are working together more sector-wide.

Global geopolitical tensions will only increase the number and intensity of incidents. For example, with the Russian invasion of Ukraine, we are seeing a rise in the number of digital attacks worldwide, which aim to disable or damage infrastructures.

Intensity of incidents

Ransomware continues to be the most prevalent threat in 2021. Disruptive incidents occurred within the sector that seriously compromised primary processes. A new trend here is that when ransoms are not paid, data is made public. In one case, an absurdly high amount of ransom was demanded.

Chain dependency in relation to incidents involving log4j and Kaseya

The log4j vulnerability and the attack on Kaseya illustrate how dependence on software vendors, service providers and other third parties can lead to problems. It is therefore very important that we properly identify these dependencies and make good agreements with suppliers on who is responsible for what in the chain. In addition, we must ensure that fellow institutions are quickly informed of problems so that they can take action. Crucial to this are knowledge sharing and information exchange, and thus cooperation.

Public values

Education and research are increasingly dependent on the cloud services of a small number of large tech companies. Concerns about this issue have been raised in the public values debate, but this has not yet led to concrete steps to reduce dependence.

Political attention

The incident in late 2019 at Maastricht University marks a turning point for the education and research sector. It has led to additional security measures at most institutions and has also brought additional administrative and political attention to cybersecurity. This will only increase, due to the high dependence on IT in primary processes and the focus on knowledge security. Within the umbrella organisations9 , agreements have been made to grow to a higher maturity level in the field of information security. The ambition is to achieve an average sector-wide score of level 3 for the norms in the SURFaudit Information Security Assessment Framework.


Collaboration is a recurring theme in the Cyber Threat Assessment. Institutions in education and research are still keen to cooperate in the field of information security and privacy. This is also necessary because of the shortage of information security expertise. However, investment in more capacity lags behind. More and more institutions use SURFsoc, SURF's security operations centre. As a result, threats are spotted earlier and shared with more institutions. We also see that in the event of major incidents such as the log4j incident10 information is shared more easily and that SURF and SURFcert are taking on an increasingly coordinating role. Partly due to the long-standing U-CISO consultation and the recently launched HBO-CISO consultation, the threshold for sharing confidential information with each other has also become lower. Nationally, there has already been incident response cooperation since 2020 in the National Coverage System (LDS) [18]. This is a collaboration of the NCSC with sectoral partnerships, CERTs and other public and private parties to exchange information and knowledge about vulnerabilities and threats, for example. This exchange is increasingly taking place.

Finally, cooperation between the central government and (through SURF) the education and research sector in the area of procurement of IT resources and IT services has grown. Risks for processing personal data are also identified within this cooperation, including by jointly carrying out DPIAs. All this ultimately contributes to increasing the resilience of the education and research sector.

Download the Cyber threat assessment report education and research 2021-2022


Infographic Cyberdreigingsbeeld 2021-2022

Infographic Cyber threat assessment report 2021-2022