top of page
  • Writer's pictureJared Thompson

48% of Cyber Attacks on Schools are Ransomware attacks

A Cyber Security in UK schools report showed that 17% of schools reported a cyber attack; ransomware was the most common of these attacks (48%).

This report carried out by SWGfL, in partnership with the University of Kent and supported by Bitdefender, showed that schools need to develop a strategy to protect against the effects of a ransomware attack. Key to this is regular Security Awareness Training, regular backup/recovery processes and a Cyber Incident Plan when faced with an attacker.

What is Ransomware?

Ransomware involves the use of computer viruses that threaten to delete (or release publicly) your files unless the ransom is paid (often in bitcoin). Like other computer viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software, cracking weak passwords or tricking somebody into installing malware via a phishing email.

Cyber Security in Schools

The report showed that schools aren’t aware of the risks, A further ​​31% of respondents said that they do not have an IT security policy in place, so they were unaware of the dangers that might affect their data and assets.

You must keep your school secure by implementing cyber security, password, social media and working from-home policies but also give staff regular security awareness training.

Whilst basic knowledge of cyber security should be expected from all your staff, it’s important to implement cyber security training as a business. You should increase the activity level with specific guidance on the types of attacks schools are more likely to face.

We know that Schools, Colleges and universities must stay protected against ransomware - cyber attackers often strike during busy exam weeks and when students are given exam results. This is to cause maximum disruption to your systems to encryption large volumes of data and make you more likely to pay the ransom demand to get this data back at such an important time of the year.

Nurseries and Childminders are also appealing targets for Cyber-Attackers, with one in four nurseries having experienced a data breach in the last 12 months.

How does a Ransomware attack disrupt schools?

In June of 2021, the Evening Standard reported that two schools in Kent were forced to send pupils home and shift to remote teaching. This is after hackers broke into servers and encrypted sensitive information on pupils. The academy was forced to send out communications urging parents to contact their banks to inform them that personal details could have been stolen.

⚠️ Just four in ten primary schools have given staff Security Awareness Training in the last 12 months. ⚠️

You must implement cyber security training when onboarding new staff and then follow this training up throughout the school year.

How can the Cyber Resilience Centre help schools?

Headteachers, Directors, Staff and IT leaders working in schools and academies can sign up for our free membership and download our Cyber Incident Plan to start their journey to stay protected against the most common cyber threats, such as phishing and ransomware attacks. Larger academies can also open discussions with us to invest in your staff and take advantage of our affordable cybersecurity services.

This includes security awareness training, vulnerability assessments and simulated phishing attacks. Investing in our services and guidance can inform your cyber security strategy and save you money in the long term.

Free Membership banner for organisations

My school has been the victim of a cyber attack. What do I do?

  • If you are dealing with a live cyber attack, call Action Fraud at 0300 123 2040

  • When reporting a cyber attack which isn't ongoing, head to Action Fraud and their online reporting tool

  • When you report a fraud to Action Fraud, you are given a police crime reference number, and your case will be referred to the National Fraud Intelligence Bureau (NFIB), which is run by the police.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page