Over a third (34%) of English schools and colleges were hit by a cyber incident in the previous academic year 2023/24, according to a new government report.
A teacher survey by exam watchdog the Office of Qualifications and Examinations Regulation (Ofqual) found that 20% of schools and colleges were unable to recover immediately following an incident, with 4% taking more than half a term to return to normal operations.
Additionally, 9% of headteachers admitted they had experienced a “critically damaging” cyber-attack in the last academic year.
Anecdotes from teachers on the impact of such cyber incidents included desktops being unavailable for use and teachers being unable to prepare classes as they could not access IT systems.
The most common cause of cybersecurity incidents was phishing attacks, experienced by 23% of schools and colleges.
North-West England was the most heavily impacted region, with 40% of schools reporting having experienced a cyber incident.
In January 2023, an audit conducted by the National Cyber Security Centre (NCSC) and the National Grid for Learning (LGfL) found that 78% of UK schools have experienced at least one type of cyber incident.
Schools Urged to Boost Cyber Hygiene
Worryingly, the poll found that one in three teachers have not received cybersecurity training in 2023/24. Of the two-thirds who did, 66% said it was useful.
Ofqual’s Executive Director of General Qualifications, Amanda Swann, warned of the potential dire consequences of successful cyber-attacks on schools and colleges, and urged these institutions to follow NCSC guidance to boost their protections.
“Losing coursework that is the result of many hours of hard work is every student’s nightmare. Even more distressing is losing a whole class or year group’s coursework because of weak cybersecurity on a school or college IT system,” commented Swann.
Schools face unique cybersecurity challenges due to the vast range of users, including children, accessing systems from different devices and locations.
The sensitive data educational institutions hold and the substantial impact of systems being offline have also made this sector a big target for ransomware actors.
Commenting on the findings, Suzan Sakarya, Senior Manager, EMEIA Security Strategy at Jamf, said: "Poor cyber hygiene found in schools by Ofqual is no shock at all. On account of continually squeezed budgets, schools lack the means to upgrade devices or systems that contain unpatched vulnerabilities, let alone purchase the latest technology.
"The education sector is increasingly susceptible to attacks as more devices enter schools, more services move to the cloud, and more time is spent online. There is a dire need for security awareness education and support for both staff and students."