The risk environment for Higher Education Institutions (HEIs) is ever changing. Reviewing 35 Higher Education Institutions’ risk registers, PwC analysed the risk landscape across the sector. With risk registers being a ‘developing topic’ in the industry, the need to view, analyse, and understand this information is rising for the ability to interpret and act to mitigate these risks.
PwC’s risk register found the focus on risk type has changed from the political landscape in 2018/19 to cyber security, sustainability, and infrastructure in relation to both university estates and technological capacity.
Figure 1: Risk focus in HE sector from 2018/19 to 2022/23
In this POV, Responsiv will be summarising and interpreting research conducted by PwC into the risk profile of the Higher Education industry
Cyber security and financial sustainability have been key risks over the past three consecutive years, however, the nature of the risk in these senses has evolved. Whether this be due to the need to maintain momentum with the advent of Covid or the depression of international student recruitment negatively affecting the HE financial situation, or the changing nature of technology use in HE institutions to manage remote and digital learning opening vectors of cyber-attack surfaces.
Students are demanding innovative ways to receive education and institutions are facing challenges to meet this due to decreased funding and increasing costs. Rising energy costs, inflation, and increased staff costs resulting from the cost-of-living crisis has meant that institutions are having to balance investment and costs. Finding solutions that manage this balance is difficult to identify, but crucial for these organisations to mitigate the risks they are facing.
Clear strategy is the way to go. Understanding the priorities and the nice to haves will help define the direction of investment and ensure all areas of the organisation are aligned in achieving these goals.
Figure 2: Occurrence of key risks
Whilst not discussed in-depth in this report, PwC highlight staff recruitment and retention, student recruitment, policy and engagement, and student experience/welfare as known risks to the sector.
- Staff recruitment and retention – ensuring institutions recruit and retain high quality teaching staff and skills for their courses is paramount to maintain reputation and outcomes. PwC find that finding these ‘high calibre academics’ is a growing challenge for the sector, and is listed as a risk in 100% of the reports they analysed in creating this review.
- Policy and engagement – government policies shape the way any sector or industry is run and regulated. Policies filter through organisations and impact the ability to deliver services and achieve strategic goals if they become too constricting. For example, changes to immigration and visa policies has a direct impact on how institutions recruit international students, and feeds into the challenge of student recruitment.
- Student recruitment – PwC highlight student recruitment as an ongoing ‘key operational and strategic risk’ for the sector.
- Student experience/welfare – good student experience is a critical part of how students rate their time at university, as seen in national student surveys. This is important for institutions to focus on, as it determines brand reputation and influences staff and student decisions on attending or dropping out. Providing sufficient support to students is ‘key to ensuring a positive experience,’ and in fostering and maintaining a functional learning experience in the wake of digital hybrid models.
In this section, Responsiv will be exploring and interpreting what we believe are key findings from the PwC report on the ‘Managing Risk in Higher Education.’
- The number one risk flagged in 2023 is cyber security
- Focusing on sustainability, the environment, and climate change
- The sector has entered a digital era
The number one risk flagged in 2023 is cyber security
Multiple cyber security incidents have occurred in the last few years and the risk remains high for the sector.
Cyber criminals are seeing the Higher Education sector as an attractive target due to the value and volume of data and other information they retain, PwC suggest. The mitigation of this challenge is seen to be costly due to many institutions not investing previously in IT controls and cyber security staff.
Numerous high-profile issues within the sector have meant institutions have a better understanding and visibility of the risk. Whilst this does not reduce the external threat, it has catalysed institutions to react. Some institutions have already started to invest in initiating risk mitigation strategies including new staff and technology resources; although PwC highlight that ‘staff resources in this area are scarce.’
PwC found that minimal action has been taken on central points of access within institutions. Currently, software and data are spread thinly, creating a large attack surface for cyber criminals to access systems and subsequently spread throughout the internal systems, accessing valuable and confidential data, which is less likely to be protected.
Responsiv believe that investing in a central point of access is the most secure way of modelling an IT environment, as you can focus your security efforts on one area, and not worry that a disparate system is going to create vulnerabilities for the whole infrastructure.
PwC analysis shows that the most common security vulnerabilities for HEIs include endpoint security, software and patching updates, and application security. With this being the highest on the risk register, the sector needs to have a comprehensive response and strategy to mitigate the threats to their systems and data.
Focusing on sustainability, the environment, and climate change
For many organisations, sustainability has become a new but key focus. This is likely due to the attention and pressure put upon the topic from external sources.
Higher education institutions are a point of interest when discussing sustainability in this sense due to their vastness; campus size, number of buildings and other functions have a significant impact on the environment. The substantial consumption of water, paper, energy, and abundance of waste means universities need to focus on more ‘green’ initiatives.
Having access to reliable data reporting is a hindrance to understanding the full impact of HEIs on the environment, and will create difficulties in measuring successes. This will affect the ability of these institutions to achieve the scope 3 emission reporting requirements: estimating student emission data (transport surveys, etc.) contributing to this lack of insight.
PwC research suggests institutions are wary of the impact of climate change and meeting net zero targets, but decreased funding is making this difficult to effectively act on. Monitoring technologies and green campuses can become expensive quickly, especially if there is no clear strategy, and require time to acquire and provide a return on investment.
PwC further indicate that sustainability risk is driven by goals set by institutions to be net zero by 2030. The goal requires significant investment and will have impact on reputation if not achieved. HEIs look to be strategically committed to these goals, but financially, are less prepared to reach them.
Finding partners with proven track records for achieving project deadlines may be the way HEIs fulfil their goals of net zero; partners to help with emissions tracking and reporting, as well as providers of project management and delivery skills.
The sector has entered a new digital era
The introduction of online learning and recruiting talent online in the wake of the pandemic has only been possible due to a technological infrastructure shift within HEIs.
Blended learning was implemented during the pandemic and has shifted the way that students are now being educated. It has had broader implications on the services HEIs have needed to provide, including improved support services, and facilities for co-working.
The shift to digital has had impacts on HEI environmental footprints due to the reduced need for onsite facilities and personal workspaces for staff. However, in this, considerations over providing support and adequate teaching need to be made to ensure students and staff get the services expected from a Higher Education Institution.
The digital era, and advancements in technologies utilised by HEIs is also a player in the recruitment of students and staff. Working and studying at an institution that efficiently functions with digital solutions is important in hitting expectations.
AI is also raising risks for HEIs, with students using AI applications to write papers, etc. This needs to be addressed by institutions to ensure accurate grading, and that there is no implication on reputation or teaching/grading standards. This is a known challenge in the sector, and is being actively addressed to overcome.
PwC found that institutions are increasingly focused on investing in digital infrastructure to become more efficient. Taking this step has enabled a new way of working and teaching, which accommodates the changing expectations of students who demand digital learning. PwC research shows that the increased demand has brought technological challenges for some institutions who have decided to move to cloud.
Institutions are facing challenges with funding and investments to build the digital campus students expect. Especially with those who have previously neglected investing in projects that are deemed as too expensive to deliver.
PwC have highlighted their key findings on risks in the Higher Education sector:
- Cyber Security
- Digital Infrastructures
Like most industries, Higher Education was not immune to the fundamental working changes imposed by the pandemic. Changes required to maintain services may have left institutions vulnerable to cybercrime. Digital platforms that support remote working may not be aligned across the institution due to department needs; by increasing the attack surfaces available to hackers and viruses, vulnerability is also increased. Managing this risk is paramount in ensuring data and systems are kept secure and that students, staff, and the supply chain is not left susceptible to hacking.
HEIs face challenges in achieving strategic goals of environmental sustainability and net zero targets due to a lack of complete data insight and traceability.
The industry risks have shifted over recent years where new challenges have appeared and also become a focus for many other sectors too.
Read more about PwC’s risk profile report here: Managing Risk in Higher Education I Higher Education sector risk profile 2023 (pwc.co.uk)
Get in touch for more information about managing risk in Higher Education