The Cyber Security Breaches Survey 2024, published by the Department for Science, Innovation and Technology (DSIT), found that 71% of secondary schools reported a breach or attack in the past year, compared to 52% of primary schools.
The latest survey reveals the extent of cyber security attacks on schools, and the work schools do to help prevent them.
Phishing Attempts Continue to Impact Schools
Among these attacks, phishing continued to be the most common form of cyber breach in educational establishments, with 92% of primary schools and 89% of secondary schools identifying a phishing attempt. This data correlates with broader research, indicating that phishing was the most prevalent cyber security threat in 2022.
Efforts to Identify and Mitigate Cyber Security Risks
The data also revealed that schools in 2024 were less likely to suffer from other forms of cyber attacks compared to 2023, demonstrating the focus many educational establishments have placed on addressing and preventing cyber-attacks. However, while schools reportedly remained engaged with cyber security practices, the research found that primary and secondary schools were less likely than further education colleges and higher education institutions to seek additional guidance and information on cyber security.
Most schools were reported to have taken proactive steps to identify potential cyber security risks, such as conducting audits, penetration tests, and investing in threat intelligence. Additionally, 75% of primary schools and 81% of secondary schools have implemented a cybersecurity policy. Despite these efforts, primary schools were noted to have the least sophisticated approaches.
How can I protect my school from a cyber-attack?
The DSIT survey revealed that cybersecurity remains a high priority for schools. However, many schools are concerned about securing adequate funding amidst tight budget constraints, highlighting the need for cost-effective solutions to support cybersecurity in educational institutions.
Free tools such as CyberSecure Check for Schools, developed by SWGfL for the Department for Education (DfE), equip schools across the UK to review and enhance their cyber and information security policies and practices through self-assessments. This tool offers a structured approach to identify strengths and areas for development and is available for any school, including multi-academy trusts.
As CyberSecure Check is designed to help achieve consistency in cyber security across educational establishments, it plays a crucial role in ensuring schools are better equipped to handle the evolving risk from cyber-attacks.
Where can I get cyber security training for my organisation?
Recent news has demonstrated the disruption that cyber-attacks can have on schools, and the importance of training staff to know how to protect data and information from cybersecurity breaches.
To help ensure schools get the training they need, SWGfL has partnered with Mimecast, a UK-based company providing security awareness training at a specially negotiated price for educational establishments. Mimecast’s training enhances defences against cyberattacks by equipping all staff with the necessary tools to prevent and respond to potential attacks and threats.
Learn about cyber security training with Mimecast.
Further Support
With cyber security threats continuing to rise, it’s essential that schools can strengthen their response with robust prevention and protection methods. With years of experience in online safety and security, SWGfL continues to provide support and solutions to schools through practical resources and services.