Cyber Threat Assessment Report on education and research 2019/2020

How did cyber security develop in education and research in 2019? What were the main threats and risk factors? What is the state of resilience of institutions? And what are the expected trends for 2020? You can read it in the Cyber Threat Assessment Report 2019/2020.

Persoonlijke training in Windows en beveiliging

2019 threats

Participants scored identity fraud and disruption of IT facilities as the biggest threats. Specifically added for research purposes is the acquisition and disclosure of data. Proven cybercrime methods such as hostage-taking software (ransomware), phishing and DDoS attacks also continue to increase. New threats have also been added, for example: cyber criminals abuse supplier chains by infiltrating them. Educational and research institutions score their own cyber resilience higher than in the previous year. The average score is 6.3; it was 5.5 in 2018.

Cooperation as a sector's most important weapon

Collaboration is often seen as a way to be stronger, work more efficiently and face increasing threats. By working together, the sector is better prepared and can act faster. In order to keep up with the current development of cybercrime, it is necessary to further strengthen cooperation on a number of points, for example in cyber security exercises, such as OZON. Cooperation also helps to overcome the identified shortages of capacity and expertise.


The report concludes that, due to increasing threats, the deployment of institutions remains necessary to increase resilience. There is a lot to be gained, especially in the area of awareness. The increasing use of cloud applications, supplied by large, non-European players, is creating new threats to the availability and confidentiality of data.

About the Cyber Threat Report

The Cyber Threat Report 2019/2020 is the sixth threat assessment on education and research. This report is based on a survey among employees of educational and research institutions and on public sources. In the survey, we asked, among other things, which risk factors are the most important according to the SURF target group, which incidents have occurred, and what the resilience of the institutions is.

Download the summary Cyber Threat Assessment 2019/2020

Previous editions

SURF publishes this report annually: