Although higher learning institutions (HEIs) are quickly evolving and opening to cyber-attacks, we question this very process cautiously with the intention of capturing the vulnerabilities of the HEIs systematically over the time frame of the 2018 to 2025, which PRISMA framework allows transparency and rigour in the methodology. The thematic and content analysis of 33 peer-reviewed articles revealed nine main cybersecurity challenges that include phishing, malware attacks, intellectual property theft, external threat actors, software vulnerabilities, password insecurity, insufficient physical protection, and weak incident disclosure practices. Their results suggest that phishing and malware have remained the most reported most reported threats, and human factors such as the absence of cybersecurity awareness and inadequate training provided keep on increasing the institutional risk. In addition, the research points out to unbalanced coverage of research methods where quantitative research studies prevail, and the qualitative or mixed methods research studies are underrepresented. This research is significant because it discusses general threats in the various categories of threats and distinguishes between outside and inside vulnerability of an organisation, and matches the threats with the current frameworks, such as the CIA (Confidentiality, Integrity, Availability) triad and NIST cybersecurity standards. The review summarises the implications with practical suggestions for implementing integrated cybersecurity frameworks, integrating technical protection, user education and policy planning. Other directions for future research include expanding geographically and investigating the new threats presented by artificial intelligence, cloud computing and Internet of Things (IoT) infrastructure in HEIs.
Salam et al. (Thu,) studied this question.