Oli Scarff/Getty Images
show image

UK universities each suffering a week’s downtime a year, FoIs reveal

British universities are experiencing an average of nearly a week’s unplanned network downtime a year, as a result of cyber attacks and IT failures, new research has revealed.

The findings were uncovered through freedom of information requests sent to Britain’s top 100 universities, in an effort to gauge the organisations’ preparedness for major incidents.

The FoI survey, conducted by the disaster recovery specialist Veeam, also found that on average organisations suffered 17.5 unplanned outages a year, typically lasting around nine and a half hours. In one case, an outage lasted three days.

Although the research didn’t uncover any evidence of data loss that warranted a report to the ICO, Veeam described the figures as “concerning”: “Downtime is when a system is at its most vulnerable. If universities’ don’t have testing processes or their systems are not up to date, each of these outages could be disastrous and result in data loss.”

The news comes as British universities, many of which are involved in developing research for coronavirus vaccines, treatments and testing, are facing a surge in attacks.

Earlier this month, the National Cyber Security Centre took the rare step of issuing a joint advisory with its US counterpart, the Cybersecurity and Infrastructure Security Agency (CISA), to warn organisations about such attacks.

As NS Tech reported last week, the British government hasn’t publicly attributed the attacks on UK research, but reports have suggested that China, Russia and Iran are among the suspects. NCSC has previously said those three nations, and North Korea, pose “strategic national security threats to the UK”. The FBI and CISA said last week that officials believed China had carried out the attacks on US research.

“There’s a fine balance between being able to share research data with federated partners – because if we’re going to come to a solution to this it’s going to be a global response using research from all over the world – while protecting the intellectual property,” Veeam’s vice president for the UK and Ireland, Dan Middleton, told NS Tech.

In a statement issued earlier this month alongside NCSC and CISA’s joint advisory, the Foreign Secretary Dominic Raab said: “The effects of these cyber attacks are potentially life-threatening as they disrupt and put pressure on organisations and individuals working hard to save lives.

“The UK will continue to counter those who conduct reckless cyber attacks for their own malicious ends. We are working closely with our allies to hold the perpetrators to account and deter further malicious cyber activity around the world.”