58% of Secondary Schools faced cyber attacks last year, government figures show

Figures from the Department for Digital, Culture, Media and Sport indicate that 58% of Secondary Schools had a cyber-breach or attack in 2020.

New figures show that over a third (36%) of primary schools suffered a cyber security breach or attack in the past 12 months.

The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport, showed that 15% of those secondary schools that had suffered attacks said they had to deal with them on a weekly basis.

The most common type of cyber attack for education providers was phishing emails.

The most common type of cyber attack for education providers was phishing, identified by 84% of primary schools (86% of secondary schools and 91% of further education colleges). It often involves trying to convince recipients to give away their passwords or account details.

That was followed in some way by impersonation attacks, suffered by 20 per cent of primary schools (37% of secondary schools and 58% of further education colleges), where emails impersonate directors or board members.

All education providers said that cyber security was a high priority for their governors or senior management (98% of primary schools, 94% of secondary schools and 95% of colleges). The survey, which took place between October and January, found that just seven per cent of primary schools are aware of the Cyber Essentials scheme (30% of secondary schools and 84% of colleges.)

Whilst half (51%) of colleges have heard of the NCSC’s 10 Steps to Cyber Security, awareness of this guidance is lower among primary schools (29%) and secondary schools (39%).

While the DCMS report makes it clear that cyber security is still a major issue for many schools and colleges, the proportions experiencing negative effects of breaches or attacks in 2021 are significantly lower than in 2019 and preceding years.

This is not because attacks are any less frequent, the report says, but that there has been less monitoring and reporting of breaches this year, given the moves towards remote working during the COVID-19 pandemic.

The government continues encouraging the education sector to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). This is in response to further targeted ransomware attacks on the education sector by cybercriminals. This week the CRC has updated our guidance specifically to help education providers boost their cyber resilience.

Our Business Premium Membership could also support you for a 12-month period; this includes Cyber Security Policy and Procedures Templates, a Phishing Exercise, Cyber Risk Exposure Assessment and a bespoke Cyber Awareness Training program that is tailored to your school/college and delivered to your staff in-person or online.

Whilst 75% of primary and secondary schools have a cyber security policy, by signing up for a membership with the Cyber Resilience Centre, we provide you with cyber security policies & procedure templates. These policies will help you understand the processes in place to protect your company, staff, data and assets.

Your staff must be educated regularly in the changing cybersecurity landscape; the CSBS survey highlighted that less than 40% of schools said they had trained staff on cybersecurity. Unprepared staff are at a heightened risk of being caught unaware when working remotely, returning to the classroom, or starting a new job in September.

Ready to prepare your staff with security awareness training? Contact us today to learn more.