The education sector must improve protection against data breaches given the sensitive data it holds, specialist insurance provider CFC Underwriting says.

Universities hold sensitive data including on research, technology innovation and intellectual property, making them a prime target for cyber criminals.

A massive data breach at Australian National University exposed personal details dating back at least 19 years. Although the breach occurred late last year, it was detected only three weeks ago, according to media reports.

CFC’s International Cyber Team Leader Lindsey Nelson says strict cyber-security measures are sometimes compromised in favour of usability and functionality due to the thousands of people who need access to systems.

And social engineering attacks are surging as more people pay fees online. Attacks involve criminal enterprises impersonating educational institutions, or phishing to intercept student payments.

“The sector must recognise that cyber attacks are a real threat and must step up its protection against malicious data breaches and scams,” Ms Nelson said.