Cybersecurity in the Higher Education Sector: Challenges, Solutions and Best Practices


While malicious cyber activities continue to occur frequently across all types of businesses and organizations, universities have also been affected by a fair share of such incidents. These episodes may relate directly to the university business, such as the recent breach of exam software and student records in Australia (see this article on SBS News, August 2020). They may also extend to external private or public organizations, such as the potential compromise to Japan’s maritime strategy via information on university servers (see this article on Nikkei Asia, Sep 2018). This unwelcome and even dangerous situation indicates that much work is still needed to understand and develop safe and effective cybersecurity practices within the university sector.

Cybersecurity is particularly important in higher education institutions. The environment of these institutions is necessarily fairly “free and open” in order to encourage learning and experimentation. Universities hold precious data, including emails, personal information, sensitive research data (e.g., COVID-19 vaccination) and intellectual properties. The majority of the users of university systems are students, who usually possess and use their own computing devices to access university systems. In additional, universities often host visitors. These users may have different levels of knowledge or understanding about cybersecurity, thereby making university systems vulnerable. As such, cybercriminals have identified universities as soft targets, with cyberattacks against the university sector on the rise over the past few years. Worse, as universities are often interconnected to other universities, private or public organizations, a breach in any one of these nodes could have devastating chain-effects on the other nodes.

In short, universities are being exposed to three key areas of cybersecurity concerns: loss of confidential data, loss of data integrity, and loss of access or availability. The compromise of any of these three components can result in losses of money, time, or reputation. The issues of cybersecurity are no longer confined only to IT personnel and engineers. The problem is not just within the domain of private firms and public organizations. Higher education institutions are increasingly affected by the issues that plagued other organizations.

In response to these challenges, the Special Issue on Cybersecurity in the Higher Education Sector: Challenges, Solutions and Best Practices seeks contributions from researchers across a wide range of topics of critical concerns and interests, specifically within the higher education domain. These topics, both empirical or theoretical, include but are not limited to the following.

  • Given the necessary openness of higher educational institutions, what defensive tools or mechanisms are effective against cybersecurity threats?
  • What are the trade-offs between security, costs, and usability?
  • What forms of cyber hygiene training for faculty, staff, students, and visitors may improve cybersecurity?
  • How effective are applications of technologies or techniques (digital forensics, artificial Intelligence, game theory, etc.) for cybercrime detection/prevention in higher educational institutions?
  • What are the issues related to the measurements and management of incident response, investigation and evidence handling?
  • What roles do countering espionage and foreign forces play in cybersecurity within higher educational institutions?
  • How can higher educational institutions improve their cyber resilience?



November 1, 2022 - Submission system opens for research paper

March 30, 2023 - Submission deadline for research papers

June 30, 2023 - first review round completed

September 30, 2023 - revised manuscripts due

December 20, 2023 - Final decision sent to authors

January 25, 2024 - Final manuscript submitted

May 2024 - Publication of Special Issue