Large number of schools experienced cyber attack

The government’s National Cyber Security Centre and the charity National Grid for Learning (LGfL) have published their latest school audit report which warns that schools are at particular risk from cyber-criminals.

The poll of 805 schools across the UK last year found that a substantial number of schools (78%) had experienced at least one type of cyber incident, with 7% experiencing significant disruption as a result. For example, 21% of schools had experienced a malware and/or ransomware attack and 18% had experienced periods with no access to important information.

It found that just over half of schools – 53% - said they felt prepared for a cyber incident. This compares to 49% in 2019.

Staff training of non-IT staff in cyber security has increased from 35% (in 2019) to 55% and awareness of phishing in schools has increased from 69% to 73%.

49% of schools have included their core IT services in a risk register and/or business continuity plan showing an increase from 41% in 2019.

90% of schools have at least one of the following in place: a cyber security policy, a risk register or a business continuity plan. And a third of schools now have all three. 100% of schools now have Firewall and 99% antivirus protection.

Schools continue to need to focus on improvements to security with 4% having no back-up facilities, 26% not implementing multi- factor authentication and 25% not limiting staff access to USB devices.

The report also shows that in 2019, no school recorded a parent losing money due to a cyber incident, but in 2022 six schools reported they had.