Report: Education Ranks Second-Last in Global Cybersecurity Assurance Report Card

Education received an overall score of 64 percent on the 2017 Global Cybersecurity Assurance Report Card, which ranked seven industries according to their risk assessment and security assurance. Only government scored lower, with an overall score of 63 percent.

The annual report created by Tenable Network Security in partnership with CyberEdge Group, measures the attitudes and perceptions of IT security professionals, rather than measuring the actual effectiveness of their security systems. The report card measures two different categories of cybersecurity – risk assessment and security assurance – and averages both to rate overall cybersecurity assurance.

The risk assessment index measured 11 key IT infrastructure components. According to the report, containerization platforms, DevOps environments and mobile devices had the lowest risk assessment scores, with 52 percent, 57 percent and 57 percent respectively. Meanwhile, Web applications had the biggest score drop, from 80 percent in 2016 to 62 percent in 2017. Overall, the 2017 risk assessment score dropped 12 percent from 73 percent in 2016 to 61 percent in 2017. "The marked decline in global confidence levels indicates that security professionals may be experiencing a drop in morale as a result of near-daily data breach headlines, compounded by fatigue as a result of the uphill battle to keep pace with emerging technologies and proliferating threats," stated the report.

The security assurance index measured six components of "an organization's ability to mitigate threats by investing in security infrastructure fueled by executive and board-level commitment." Three of the index components were new for this year, including viewing network risks continuously, aggregate risk intelligence, and aligning security with business. The other three index components included measuring security effectiveness, conveying risks to executives and the board, and executive and board-level commitment. Each of those three components indicated minimal change compared to the previous year, and the overall 2017 security assurance index was unchanged from 2016 at 79 percent.

Other key findings from the report:

  • The average risk assessment score for the education industry was 64 percent;
  • The average security assurance score for education was 63 percent;
  • The three highest-scoring components of the education industry were assessing the network perimeter, assessing physical servers in the datacenter and measuring security effectiveness; and
  • The lowest-scoring components of the education industry were assessing cloud environments, conveying risks to executives and board members, and executive and board-level commitment, all of which received a grade of F.

The full report and accompanying infographic are available as free, downloadable PDFs from Tenable Network Security's site.

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at [email protected].

Featured

  • From the Kuali Days 2025 Conference: A CEO's View of Planning for AI

    How can a company serving higher education navigate the changes AI brings to ed tech? What will customers expect? CT talks with Kuali CEO Joel Dehlin, who shared his company's AI strategies with attendees at Kuali Days 2025 in Anaheim.

  • glowing blue AI sphere connected by fine light lines, positioned next to a red-orange shield with a checkmark

    Cloud Security Alliance Offers Playbook for Red Teaming Agentic AI Systems

    The Cloud Security Alliance has introduced a guide for red teaming Agentic AI systems, targeting the security and testing challenges posed by increasingly autonomous artificial intelligence.

  • Training the Next Generation of Space Cybersecurity Experts

    CT asked Scott Shackelford, Indiana University professor of law and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance, about the possible emergence of space cybersecurity as a separate field that would support changing practices and foster future space cybersecurity leaders.

  • abstract pattern of cybersecurity, ai and cloud imagery

    OpenAI Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.