The current nature of educational institutions makes them especially prone to cyber attacks aimed at stealing data in the form of user credentials and other personal information. Many universities foster a culture of open networks and information sharing. Although this increases both student and public access to valuable knowledge, the ease of access to networks used by educational institutions also places them at considerable risk of threat. 

In higher education, for example, data is frequently shared across departments and stored on various systems throughout the institution. The types of data stored on these systems include financial information (relating to student tuition, for example), information relating to the university’s operations and, in many cases, medical information. The type of attacks launched against universities depend largely on the size of the university, with high-profile, research-based universities being at particular risk of attacks from nation states, organised crime, and hacktivists. Smaller-scale universities are far from immune, and frequently suffer from stolen or compromised data.