⚠ ACTIVE — May 2026: Canvas/Instructure breach — ShinyHunters · 275M records · 8,809 institutions · Ransom agreement confirmed 11 May 2026 · Instructure statement →
WORLD FIRST · LIVE · MAY 2026

Is Your University
Actually Cyber Resilient?

The world's first university-specific cyber resilience framework. 25 questions. 10 minutes. A forensic gap analysis benchmarked against the institutions that failed — and those that didn't.

May 2026 — Canvas LMS breach: ShinyHunters accessed 3.65TB of data across 8,809 institutions in 50+ countries. This assessment goes beyond one incident — it covers your complete university cyber posture, regardless of which platforms you use.
275M
Records stolen ¹
8,809
Institutions hit ²
3.65TB
Data exfiltrated ³
50+
Countries affected ⁵
Free — no cost ever Instant results ISO 27001 · NIS2 · GDPR · FERPA Anonymous until you choose
🏛️
University Cyber Resilience Framework
AjaCertX UCRF · Built exclusively for higher education
Your journey from assessment to certified resilience
Steps 1–3 are completely free. Each step builds on the last. Step 1 starts now.
1
You are here
UCRF Step 1 · Free · Now
Self-Assessment — 25 Questions
Benchmark across 6 UCRF pillars. Score out of 50. Instant gap analysis, priority actions, and your personalised next steps.
✓ Free · ✓ Instant · ✓ Confidential
2
This week
UCRF Step 2 · Free · Unlocks after Step 1
Vendor Risk Audit Template
Excel workbook — assess every platform your institution uses. Mapped to ISO 27001 A.5.23 and GDPR Article 28.
✓ Free download · Auto-scoring · Board-ready
3
This month
UCRF Step 3 · Free Starter · This Month
Leadership Tabletop Exercise
Simulate a breach with your Vice-Chancellor, Registrar, IT Director and Faculty Deans. Free scenario pack included.
✓ Free starter · Facilitated option available
4
3–6 months
UCRF Step 4 · AjaCertX Supported
Full Implementation — Expert Led
Gap assessment, board report, 6-month roadmap, internal auditor training, and certification preparation. Scoped to your institution.
✓ Scoped to your institution · Book a free discovery call
5
Destination
UCRF Step 5 · Ongoing
Continuously Resilient — Verified, Trained & Recognised
Your institution is verifiably resilient. Internal auditors trained from your own staff. Annual UCRF surveillance. Evidence for students, research funders, accreditation bodies, and partner institutions worldwide.
✓ Independently verified · ✓ Trained internal auditors · ✓ Recognised globally
🔗 Vendor Governance 🔐 Identity Assurance 🔄 Academic Continuity 🚨 Incident Readiness 🧠 People & Culture 🎓 Student Data Rights
UCRF Step 1 · Section 1 of 6 0 of 25 answered
📋

Your UCRF Report is Ready

Enter your details to unlock your full gap analysis, section scores, personalised action plan, and your UCRF journey roadmap. Completely free — always.

Please use your university or institutional email — e.g. name@university.edu
No spam — guaranteed
GDPR compliant
Results emailed to you
Never sold or shared

Processed under our Privacy Policy. You may receive one follow-up from AjaCertX — unsubscribe any time.

0
/50

📊 UCRF Pillar Scores
🔴 Critical Gaps — Address First
Your UCRF Journey — From Assessment to Certified Resilience
Step 1 is done. Here is your complete path. Steps 1–3 are free. Each step connects directly to the next.
What Happens Next
Four clear actions — one for each timeframe
✓ Done — Step 1
Self-Assessment Complete
You have your baseline. You know your gaps. You have your priority actions. This is the foundation everything else builds from.
This week — Step 2
Download Vendor Audit Template
Free Excel workbook. Assess every SaaS platform your institution uses. Mapped to ISO 27001 A.5.23 and GDPR Article 28. Takes one afternoon.
This month — Step 3
Run a Leadership Tabletop
Get your Vice-Chancellor, Registrar, IT Director and Faculty Deans in a room. Free scenario pack — or AjaCertX facilitates the full version.
Next — Steps 4 & 5
Book a Free Discovery Call
30 minutes. No obligation. We discuss what UCRF Steps 4 and 5 look like for your institution — and what verified resilience means for your students, funders, and governing body.
📋 Standards & Frameworks the UCRF is Built On
ISO/IEC 27001:2022
Information Security Management — global benchmark
✓ All institutions
ISO/IEC 27701:2019
Privacy Information Management — GDPR alignment
✓ All institutions
ISO 22301:2019
Academic continuity management
✓ All institutions
NIS2 Directive (EU)
EU cyber obligations — includes education
✓ EU institutions
Cyber Essentials+ (UK)
NCSC baseline — UK research contract requirement
✓ UK institutions
NIST CSF 2.0 (US)
National cyber framework — US federal alignment
✓ US institutions
GDPR / UK GDPR
Data protection — 72hr breach notification
✓ EU/UK data handlers
FERPA (US)
Student educational records protection
✓ US institutions

Ready to Move from Assessment to Action?

AjaCertX works exclusively with universities and higher education institutions. Our specialists understand the academic calendar, governance structures, research data obligations, and student-facing complexities that make higher education cyber resilience uniquely demanding. The UCRF is our framework — built for universities, owned by AjaCertX. Every engagement is scoped to your institution. Every journey starts with a free 30-minute discovery call — no obligation, no sales pressure, no generic pitch.

Book Free Discovery Call Education Services →
📚 Sources & References
1 275 million records: ShinyHunters claimed; Instructure confirmed user data stolen. Instructure Incident Update · The Hacker News, May 2026
2 8,809 institutions: ShinyHunters claimed; widely reported. Wikipedia — 2026 Canvas Security Incident · Bleeping Computer
3 3.65TB exfiltrated: ShinyHunters claimed. The Hacker News · The Register
4 Ransom confirmed paid: Instructure confirmed "agreement" with ShinyHunters on 11 May 2026. Amount not publicly disclosed. Instructure Incident Update · Inside Higher Ed
5 50+ countries: Institutions in US, Canada, UK, Australia, New Zealand, Sweden, Netherlands, Hong Kong, Singapore and others reported disruption. Wikipedia
Technical analysis: Bitdefender Technical Advisory, May 2026
This tool references the May 2026 cybersecurity incident based on publicly available information including official statements by Instructure Inc. and verified reporting by established media. AjaCertX makes no representations beyond published facts. This assessment is for informational purposes only and does not constitute a formal security audit, legal advice, or regulatory guidance. © 2026 AjaCertX.
WhatsApp Connect