top of page
  • Writer's pictureJared Thompson

58% of Secondary Schools faced cyber attacks last year, government figures show

Figures from the Department for Digital, Culture, Media and Sport indicate that 58% of Secondary Schools had a cyber-breach or attack in 2020.

New figures show that over a third (36%) of primary schools suffered a cyber security breach or attack in the past 12 months.

The Cyber Security Breaches Survey 2021, published by the Department for Digital, Culture, Media and Sport, showed that 15% of those secondary schools that had suffered attacks said they had to deal with them on a weekly basis.

The most common type of cyber attack for education providers was phishing emails.

The most common type of cyber attack for education providers was phishing, identified by 84% of primary schools (86% of secondary schools and 91% of further education colleges). It often involves trying to convince recipients to give away their passwords or account details.

That was followed in some way by impersonation attacks, suffered by 20 per cent of primary schools (37% of secondary schools and 58% of further education colleges), where emails impersonate directors or board members.

Cybersecurity is a high priority for governors and senior management

All education providers said that cyber security was a high priority for their governors or senior management (98% of primary schools, 94% of secondary schools and 95% of colleges). The survey, which took place between October and January, found that just seven per cent of primary schools are aware of the Cyber Essentials scheme (30% of secondary schools and 84% of colleges.)

Whilst half (51%) of colleges have heard of the NCSC’s 10 Steps to Cyber Security, awareness of this guidance is lower among primary schools (29%) and secondary schools (39%).

Cybersecurity is still a major issue for many schools and colleges

While the DCMS report makes it clear that cyber security is still a major issue for many schools and colleges, the proportions experiencing negative effects of breaches or attacks in 2021 are significantly lower than in 2019 and preceding years.

This is not because attacks are any less frequent, the report says, but that there has been less monitoring and reporting of breaches this year, given the moves towards remote working during the COVID-19 pandemic.

The government continues encouraging the education sector to follow the free help and guidance from the UK cyber security experts at the National Cyber Security Centre (NCSC). This is in response to further targeted ransomware attacks on the education sector by cybercriminals. This week the CRC has updated our guidance specifically to help education providers boost their cyber resilience.

How can education providers improve their cyber resilience?

Our Business Premium Membership could also support you for a 12-month period; this includes Cyber Security Policy and Procedures Templates, a Phishing Exercise, Cyber Risk Exposure Assessment and a bespoke Cyber Awareness Training program that is tailored to your school/college and delivered to your staff in-person or online.

Whilst 75% of primary and secondary schools have a cyber security policy, by signing up for a membership with the Cyber Resilience Centre, we provide you with cyber security policies & procedure templates. These policies will help you understand the processes in place to protect your company, staff, data and assets.

Your staff must be educated regularly in the changing cybersecurity landscape; the CSBS survey highlighted that less than 40% of schools said they had trained staff on cybersecurity. Unprepared staff are at a heightened risk of being caught unaware when working remotely, returning to the classroom, or starting a new job in September.

Ready to prepare your staff with security awareness training? Contact us today to learn more.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page