Public institutions, including universities, are increasingly the focus of cyber attacks. University management is aware of this development. At the same time, however, there is a discrepancy between the perception of the general threat situation and the threat to their own institution. What do the data tell us, and what could be done to change this? Channa van der Brug speaks with Marian Burk, responsible for the recently published Hochschul-Barometer, who sheds light on the matter.

Channa van der Brug: Marian, it seems that German universities are at a critical juncture when it comes to digital infrastructure. Can you elaborate on the specific challenges they are facing?

Marian Burk: Our survey, which ran between July and September 2024 indeed shows some of the main challenges for German universities regarding digital infrastructure and security. 

A gap between perceived cyber threat and institutional preparedness exists. While 97.3% of university leaders recognise the threat of cyber-attacks to higher education in Germany, only 78.3% perceive this threat to their own institution. This suggests we might underestimate vulnerabilities and that there is a need for more consistent risk assessment. 

Adding to this is the limited implementation of proactive security measures.While the majority of universities (75.3%) regularly back up data, only about a third (29.7%) provide security training for staff. Even fewer (9.5%) provide such training for students. This is a real concern given that the use of personal devices by staff and students is recognised as a factor that adds to the complexity of IT security. The lack of awareness and training among members of the university community simply is a weakness.

Another notable vulnerability is the lack of comprehensive contingency planning. Only a little more than half (53.4%) of the universities report that they have emergency plans in place for cyber attacks. Although a third plan to develop such plans, current preparedness is worrying given the high perceived threat. In addition, the lack of a central point of responsibility for digital security at many institutions is a cause for concern (also highlighted in this article). With three quarters (76.5%) of the universities placing responsibility primarily on the IT department and only 32.7% assigning it to a Chief Information Officer (CIO), there is a lack of strategic focus.

Beyond cybersecurity, what other digital infrastructure barriers are universities facing?

Our respondents also highlight challenges around software adoption and collaboration. Data protection compliance emerges as a top concern for 60.8% of universities, followed by interoperability with existing systems (48.3%). 

Interestingly, there is a low prioritisation of open source solutions (12%), indicating a preference for established solutions. While this may provide a sense of stability, it could potentially limit the exploration of innovative and flexible solutions. In terms of collaboration, universities are primarily focusing on joint initiatives for software licensing (60.6%), cloud storage (48.8%) and high performance computing (39.4%). While these partnerships offer valuable opportunities to pool resources, the sources suggest that there is still untapped potential for more extensive collaboration.

So Marian, what is the way forward? What steps can be taken to improve the situation?

Addressing these challenges will require a multi-faceted approach, including:

• Promoting a common understanding of cyberthreats and consistent risk assessment practices across institutions.
• Expanding proactive security measures, such as educating staff and students, focusing on responsible device use and protecting data.
• Prioritising the development and implementation of comprehensive cyber contingency plans to ensure that all institutions are adequately prepared for potential incidents.
• Establish clear and centralised responsibility for digital security. This may include the appointment of CIOs to provide strategic leadership and coordination.
• Explore a wider range of software solutions, including open source, to ensure flexibility and innovation while maintaining privacy and interoperability.
• Broadening and deepening collaborative initiatives that go beyond the sharing of resources to promote joint development and the exchange of knowledge in areas such as best practices in cybersecurity and innovative software solutions.

In addressing these challenges, universities can create a more secure and dynamic digital environment that supports their research and teaching missions and fosters a culture of collaboration and innovation.

You can download the full Hochschul-Barometer (DE) here.

An international perspective

It’s worth noting that the digital infrastructure challenges faced by German higher education institutions around cybersecurity are not unique. Universities around the world are grappling with similar issues as they navigate the evolving landscape of technology and data management. The EDUCAUSE 2025 report, which examines the top IT concerns in higher education around the world, reveals striking parallels with the Hochschul-Barometer. The EDUCAUSE report specifically addresses the challenges faced by higher education CIOs, a role also highlighted in our German report. CIOs must balance operational demands with strategic vision, driving innovation while managing risk. They have a crucial role to play in unlocking the potential of the institution, contributing to issues such as campus security, data protection and institutional transformation. A lack of central responsibility for digital security due to the absence of a dedicated CIO, can hinder the development of comprehensive security strategies. 

Both the Hochschul-Barometer and the EDUCAUSE report emphasise the importance of collaboration in addressing digital infrastructure challenges. The EDUCAUSE report highlights the growing need for institutions to “plan collaboratively, establish shared services and centres of excellence, share staff and even entire units, and adopt common frameworks, standards and tools”. This is in line with the findings of the German report, which highlights existing collaborative efforts in areas such as software licensing and cloud storage, while suggesting that there is potential for even farther-reaching partnerships. Overall, addressing challenges requires a shift in perspective that goes beyond the concerns of individual institutions and embraces a shared responsibility for shaping a secure, accessible and sustainable digital future for higher education.

About the Hochschul-Barometer

Since 2011, the Stifterverband and Heinz Nixdorf Foundation have conducted the Hochschul-Barometer survey yearly, asking university leaders in Germany for their assessments of the current state of higher education, pressing challenges, and planned developments. Each year, a fixed set of questions is used to gather information on the universities’ operating conditions, partnerships, and competitiveness. The results are analysed according to university type, federal state, university size, and other factors. Additionally, rotating thematic sections cover topics of current relevance. You may find all results on this page (German only): https://www.hochschul-barometer.de.

Marian Burk is a scientific researcher in the “Programme and Funding” department at the Stifterverband für die Deutsche Wissenschaft e.V. with a special interest in conducting studies on the science and innovation sector in Germany. He focuses on data collection, analysis and visualisation as well as research and innovation policy issues.

Channa van der Brug is Programme Manager International Affairs at the Stifterverband at the Hochschulforum Digitalisierung. She also supports the Stifterverband for the European Commission’s Digital Education Hub. She is actively involved in the international exchange of knowledge on the digital transformation of higher education and other topics related to the international goals and ambitions of the Higher Education Forum Digitalisation community.