Over a third of English schools have been affected by cyber attacks

Over a third (34%) of English schools and colleges were affected by a cyber incident in the previous academic year, 2023/24, according to a new government report.

A teacher survey by exams regulator Office of Qualifications and Examinations Regulation (Ofqual) found that 20% of schools and colleges were unable to recover immediately after an incident, with 4% taking more than half a semester to return to normal operations to return.

Additionally, 9% of principals reported experiencing a cyberattack with “serious harm” in the last school year.

Anecdotes from teachers about the impact of such cyber incidents included desktops not being available for use and teachers being unable to prepare lessons because they did not have access to IT systems.

The most common cause of cybersecurity incidents was phishing attacks, affecting 23% of schools and colleges.

North West England was the worst affected region, with 40% of schools reporting they had experienced a cyber incident.

Now read: British school forced to close after cyber attack

In January 2023, a review conducted by the National Cyber ​​Security Center (NCSC) and the National Grid for Learning (LGfL) found that 78% of UK schools have experienced at least one type of cyber incident.

Schools are urged to improve cyber hygiene

Worryingly, the survey found that one in three teachers received no cybersecurity training in 2023/24. Of the two-thirds who did, 66% said it was useful.

Amanda Swann, Executive Director of General Qualifications at Ofqual, warned of the potentially dire consequences of successful cyberattacks on schools and colleges and urged these institutions to follow NCSC guidelines to improve their protection.

“Losing academic credit that is the result of many hours of hard work is every student’s nightmare. Even more worrying is the loss of an entire class or year group’s coursework due to a lack of cybersecurity in a school or college’s IT system,” commented Swann.

Schools face unique cybersecurity challenges because many users, including children, access systems from different devices and locations.

The sensitive data held by educational institutions and the significant impact of offline systems have also made this sector a major target for ransomware actors.

Commenting on the findings, Suzan Sakarya, Senior Manager, EMEIA Security Strategy at Jamf, said: “The poor cyber hygiene in schools identified by Ofqual is no shock at all. Due to ever-tight budgets, schools lack the resources to update devices or systems that contain unpatched vulnerabilities, let alone purchase the latest technology.

“The education sector is increasingly vulnerable to attacks as more devices enter schools, more services move to the cloud and more time is spent online. There is an urgent need for education and support for safety awareness for both staff and students.”