The security economics of EdTech: vendors’ responsibility and the cybersecurity challenge in the education sector
Digital Policy, Regulation and Governance
ISSN: 2398-5038
Article publication date: 27 April 2022
Issue publication date: 14 June 2022
Abstract
Purpose
The education sector is increasingly targeted by malicious cyber incidents, resulting in huge financial losses, cancelation of classes and exams and large-scale breaches of students’ and staff’s data. This paper aims to investigate education technology (EdTech) vendors’ responsibility for this cyber (in)security challenge, with a particular focus on EdTech in India as a case study.
Design/methodology/approach
Theoretically, building on the security economics literature, the paper establishes a link between the dynamics of the EdTech market and the education sector’s cyber insecurities and investigates the various economic barriers that stand in the way of improving EdTech vendors’ security practices. Empirically, the paper analyses publicly reported cyber incidents targeting the Indian education sector and EdTech companies in the past 10 years as published in newspapers, using the LexisNexis database. It also examines existing EdTech procurement challenges in India and elsewhere and develops a number of policy recommendations to address the misaligned incentives and information asymmetries between EdTech vendors and educational institutions.
Findings
Market forces alone cannot create sufficient incentives for EdTech vendors to prioritise security in product design. Considering the infant stage of the EdTech industry, the lack of evidence about the efficacy of EdTech tools, the fragmentation in the EdTech market and the peculiarities of educational institutions as end-users, a regulatorily and policy intervention is needed to secure education through procurement processes.
Originality/value
This paper introduces a novel exploration to the cybersecurity challenge in the education sector, an area of research and policy analysis that remains largely understudied. By adding a cybersecurity angle, the paper also contributes to the literature using a political economy approach in scrutinising EdTech.
Keywords
Acknowledgements
The author would like to thank the two anonymus reviewers for their very constructive comments. Funding: This work is part of a contract between Digital Pathways at Oxford and the EdTech Hub.
Citation
Fouad, N.S. (2022), "The security economics of EdTech: vendors’ responsibility and the cybersecurity challenge in the education sector", Digital Policy, Regulation and Governance, Vol. 24 No. 3, pp. 259-273. https://doi.org/10.1108/DPRG-07-2021-0090
Publisher
:Emerald Publishing Limited
Copyright © 2022, Emerald Publishing Limited