According to the 2024 Cyber Security Breaches Survey, 71% of secondary schools reported experiencing a cyber security breach or attack in the past year. This is higher than the 50% average for all UK businesses, showing that schools are particularly vulnerable. The survey also revealed that phishing remains the most common type of cyber attack, with 92% of primary schools and 89% of secondary schools reporting phishing incidents​ (GOV.UK)​​​. We welcomed a speaker from the National Cyber Security Centre (NCSC), to our previous Cyber Security Conference. They shared strategies to prevent this kind of attack. For the latest information on protecting the public sector, please see our latest conference below.

In recent years, schools have increasingly become targets for cyber threats. The integration of technology in educational environments, while enhancing learning experiences, has also opened new avenues for cybercriminals. Schools hold a wealth of sensitive information, including personal data of students and staff, financial records, and intellectual property, making them attractive targets for malicious actors.

Related article: CrowdStrike: 6 Crisis Management Lessons for the Public Sector

The Current State of Cyber Attacks on Schools

  • 83% of schools experienced some form of cyber security incident. 
  • 69% of schools suffered a phishing attack. 
  • 97% of schools said that losing access to IT services would cause considerable disruption. 
  • 49% of schools are confident that they are adequately prepared in the event of a cyber attack. 
  • 65% of schools don’t train non-IT staff on cyber security. 

These statistics are from the Cyber Security Schools Audit 2019

Three School Cyber Threat Actors 

1. Cyber Criminals 

  • Usually for financial gain. 
  • Recent ransomware attacks on schools. 
  • Can steal money by other means. 

2. Nation States 

  • No evidence of direct targeting. 
  • WannaCry affected NHS and schools. 
  • Untargeted threats can affect schools. 

3. Insider 

  • By staff or pupils, accidental or on purpose. 
  • Overwhelmingly accidental. 
  • The net result is the same. 

Why would they target my school? 

  • Schools hold lots of sensitive data that can be very valuable. 
  • Lots of financial transactions are signed off by one person. 
  • May be seen as a soft target. 
  • Don’t have dedicated security and fraud teams. 
  • IT may be older and therefore more vulnerable. 

Ransomware threat to schools 

  • Ransomware is a type of malware 
  • Perpetrators ask for a money ransom for access to systems and data. 
  • Ransomware attacks can have a devastating financial and operational impact on a school. 
  • NCSC issued 3 Education Ransomware Alerts since 2020. 

Mitigation Strategies: 

  • Mitigate ransomware using a “defence in depth” strategy. 
  • Patching, MFA (Multi-Factor Authentication), Anti-Virus, Phishing awareness. 
  • Assume some malware will infiltrate your organisation. 
  • Have an incident response plan that has been exercised. 
  • Ensure you have a proper backup. 

The cyber security landscape for schools is complex and evolving. With the increasing reliance on digital technologies, it is imperative for educational institutions to adopt robust cybersecurity measures. By understanding the threats and implementing comprehensive security strategies, schools can better protect their data, ensure continuity of operations, and create a safer digital environment for students and staff. 

For more information and resources, visit https://www.ncsc.gov.uk/section/education-skills/cyber-security-schools.

This was presented at our previous Cyber Security Conference, to discover how schools should be preparing school students to be the next generation of cyber professionals, please see our latest event below.

How the Public Sector Could be Engaging and Preparing School Students to be the Next Generation of Cyber Professionals

  • Speaker: Andrew Pape, Head of Computer Science. Online Safety Coordinator, Thomas Tallis School. 
  • Winner – ICT Innovation Award 2024 – Education Business Awards.
  • Finalist – National Cyber School of the Year 2023 – National Cyber Awards 


How useful was this article?

Please click on a star to rate it

71% of secondary schools reported experiencing a cyber security breach or attack in the past year. We welcomed a speaker from the National Cyber Security Centre (NCSC) who shared strategies to prevent this kind of attack.

Register FREE to access 2 more articles

We hope you’ve enjoyed your first article on GE Insights. To access 2 more articles for free, register now to join the Government Events community.

What you'll receive:
2 FREE articles/videos on GE Insights
Discounts to GE conferences and GovPD training courses
Latest events and training course updates
Fortnightly newsletters
Personalised homepage to save you time
Need unrestricted access to GE Insights Now?