2026 EDUCAUSE Top 10
#1: Collaborative Cybersecurity

Building a cybersecurity culture of shared responsibility, end-user awareness and training, and improved access to security services and supports


Cybersecurity is no stranger to the EDUCAUSE Top 10, but this year, technology and cybersecurity leaders are zooming in on the partnerships they're building with institutional stakeholders as the focal point of their efforts. Collaborative Cybersecurity is issue #1 in the 2026 EDUCAUSE Top 10.

Credit: Zach Peil / EDUCAUSE © 2025

There are few other areas in higher education where connection across the institution is more urgently needed than in cybersecurity.

Cybersecurity is no stranger to the EDUCAUSE Top 10, of course, but this year, technology and cybersecurity leaders are zooming in on the partnerships they're building with institutional stakeholders as the focal point of their efforts. This focus acknowledges that our digital ecosystems have become more widely dispersed across public and personal networks and devices, both on and off campus, and that the institutional strategy for securing and defending those networks and devices must be widely dispersed in equal measure.

In other words, cybersecurity strategy in higher education must become a deeply collaborative and shared commitment for everyone, now more than ever.

Technology and cybersecurity leaders are focusing on two important dimensions of this work in the year ahead. First, stakeholders' security supports must be integrated into their work and not merely layered on top of it (as common measures such as security training, awareness campaigns, and simulated phishing exercises tend to be). Security and privacy measures that fit more naturally into stakeholders' daily work and learning, and whose "why" is evident and meaningful, are more likely to gain buy-in and help overcome barriers of convenience and poor user experience. Integrating practices such as authenticated push multifactor and "least privilege" standards, then, should be done in partnership with, not meted out to, institutional stakeholders to ensure they are grounded in and responsive to the work each person needs to accomplish.[1] Even measures such as training and awareness campaigns can be more tailored and individualized, helping them feel more a part of the person's daily experiences.

Second, "collaborative cybersecurity" demands security leadership and staff who are engaged and visible to their campus community as an active and familiar presence. Simply "being there" as a friendly face and a helpful presence that campus stakeholders can get to know, well before any security incident occurs, will be paramount. Approachability based on established relationships, after all, can help increase the likelihood that campus stakeholders will reach out proactively when they have security-related questions or needs, and it can help integrate security awareness into the wider culture of the campus community.[2]

Campus Spotlight: Collaborative Cybersecurity at Durham University

Durham University in England supports an impressive range of ground-breaking research, from plotting the future changes in our galaxy to understanding changes within the human brain. Durham CIO James Crooks knows that cybersecurity shouldn't be a barrier to research innovation, and yet he also understands the risks of storing sensitive data that should never fall into the wrong hands. Thankfully, a more collaborative approach to cybersecurity has helped Crooks balance these competing interests.

"We've introduced a mechanism by which we can have really transparent, honest conversations between IT and the researchers who are involved in all these different activities about risk and getting the right balance of control and security versus freedom and flexibility," he said. "The departments that are doing this research now have cyber risks on their own departmental risk register that rolls up into the institutional risk register. So, there's a much broader sense of responsibility for the cyber risks than there ever has been before."

More than just shared responsibility, this relationship has also deepened researchers' collaborations with IT services and support staff. "Things have come out of those conversations that have actually led us to rethink our approach to security more broadly and led to some of those specialist technologies being brought into the support and management of IT more generally, which is also a positive step forward."

Ways to Get Started

Through our panelist interviews and community survey, technology leaders noted some ways institutions might establish a more collaborative approach to cybersecurity:

  • Stakeholders are less supportive of security measures when they perceive them as slowing down or complicating the work they're trying to accomplish, especially when they are not engaged in the implementation of those measures. Get to know your users and their critical areas of security vulnerability, understand the work they're trying to accomplish and their points of frustration as users, and work together to identify solutions that ensure security without compromising user experience.
  • Continue to offer campus-wide training and awareness campaigns, of course, but experiment with new and potentially more effective approaches to those efforts that fit with stakeholder preferences and needs for engagement. Microlearning opportunities throughout the year, for example, may be more optimal for awareness than larger once-a-year programs. Fun and playful forms of engagement such as gamification can be effective for raising awareness with younger generations of users. The Six Words Project, as one example, helped security leaders at the University of Michigan and UC San Diego create engaging conversations about privacy and cybersecurity across their campuses.[3]

Notes

  1. Narendran Vaideeswaran, "Intro to The Principle of Least Privilege (POLP)," CrowdStrike, January 8, 2025.
  2. Lance Spitzner, "Why a Strong Security Culture?" SANS, September 20, 2021.
  3. Michael Corn and Sol Berman, "Privacy and Security: The Six Words Project," EDUCAUSE Exchange, produced by Gerry Bayne, EDUCAUSE Review, September 2, 2020.

James Crooks is Chief Information Officer at Durham University and Deputy Chair at UCISA.

Matthew Flower is Assistant Director and Head of Digital Architecture/Information Security at University of Wolverhampton and UCISA Trustee.

Justin Gatewood is Chief Information Security Officer at California Community Colleges Technology Center.

Frederick Kass is Associate Chief Information Officer for IT Operations at Amherst College.

Jessie Minton is Vice Chancellor for Technology and Chief Information Officer at Washington University in St. Louis.

JT Singh is Senior Associate Vice President and Chief Information Officer at West Chester University of Pennsylvania.

© 2025 EDUCAUSE and the 2025–2026 EDUCAUSE Top 10 Panel. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.