Strengthen your cyber defences – Cyber Security Authority to universities

The Cyber Security Authority has urged universities to strengthen their cyber defences and comply with national security directives to protect critical digital infrastructure.

The statement was issued by the Cyber Security Authority on June 16, 2026, following a recent cyber-attack on the University of Nottingham in the United Kingdom, which affected approximately 450,000 students and alumni.

According to the Authority, the incident should serve as a warning that educational institutions are increasingly vulnerable to cyber threats regardless of their size, reputation or technological advancement.

It said the attack exposed sensitive information, including personal records, contact details, student identification information and financial data.

The Authority warned that although the breach occurred outside Ghana, its implications are relevant to the country’s education sector and other critical sectors such as health, telecommunications and transportation.

It noted that Ghanaian universities are undergoing rapid digital transformation, with student information systems, online learning platforms, cloud services, digital payment systems and research collaborations becoming more widespread.

However, it cautioned that the expansion of digital services also increases opportunities for cybercriminals to exploit weaknesses in systems.

The statement said, “The University of Nottingham incident should serve as a reminder that no educational institution, regardless of its size, reputation, or technological sophistication, is immune to cyber threats.”

The Authority further stressed that institutions should shift their focus from whether they will be attacked to how prepared they are to respond.

It said, “The question is therefore not whether Ghanaian universities or other critical sectors will be attacked, but whether they are sufficiently prepared when an attack occurs.”

The Cyber Security Authority also highlighted the Directive for the Protection of Critical Information Infrastructure, launched in October 2021, as a key framework to strengthen cyber resilience.

The directive seeks to ensure operators of critical digital systems adopt adequate safeguards to protect essential services and national interests.

The statement added that organisations should “establish cybersecurity governance structures, conduct risk assessments, implement security controls, report incidents, perform regular audits, and develop robust incident response capabilities to reduce the likelihood and impact of cyber-attacks.”

The Authority urged universities and other critical institutions to fully implement these measures to safeguard data and strengthen national cyber security preparedness.