The Government’s 2022 Cyber Security Breaches Survey showed that further education colleges (88%) and higher education colleagues (92%) were most likely to identify breaches or attacks. With only 41% of primary schools and 70% of secondary schools identifying breaches or attacks in the last 12 months.

Phishing attacks are the most common type of attack that schools and colleges face, with almost 97% of further education colleges and higher education colleagues (93%) identifying phishing attacks in the last 12 months.

The study also found that six in ten (62%) higher education institutions reported experiencing breaches or attacks at least weekly. 88% have been negatively impacted regardless of whether there was a material outcome. Most commonly, higher education institutions report new measures being needed to prevent or protect against future breaches or attacks.

Attacks on Secondary Schools have Increased in the last 12 months

Attacks on secondary schools have seen a significant increase in the breaches or attacks identified this year up from 58% in 2021 to 70% in 2022. Secondary schools still find Phishing Attacks to be the most common (87%), but schools are still having to deal with impersonation attacks (15%) and Viruses, spyware or malware (15%).

Cyber security is a high priority for governors and senior management

All education providers said that cyber security was a high priority for their governors or senior management (95% of primary schools, 98% of secondary schools and 100% of colleges). The survey, which was released in March of 2022, found that just 24% of primary schools are aware of the Cyber Essentials scheme (52% of secondary schools and 88% of further education colleges.)

Whilst 95% of higher education institutions have heard of the NCSC’s 10 Steps to Cyber Security, awareness of this guidance is lower among primary schools (38%) and secondary schools (44%).

How can you improve your cyber resilience?

Unprepared staff are at a heightened risk of being caught unaware when first starting a new job or dealing with the demands of a busy school week. It's important your staff are being trained in cybersecurity regularly, just 42% of primary schools said they had trained staff on cyber security.

Whilst resources continue to be stretched after such a hectic few years, it's important you don't let forget about Cyber Security. Whilst basic knowledge of cyber security should be expected from all your employees, it’s important to implement your own cyber security training. You should increase the level of training with specific guidance for your industry. It’s important you’re implementing security training when onboarding new starters and then follow this up throughout your employee’s lifecycle.

The Cyber Resilience Centre can offer your staff security awareness training to provide simple and effective knowledge so your staff understand their environment and give them the confidence to challenge when something doesn’t look right. Contact us today to learn more.

Remember that membership with the Cyber Resilience Centre is free, we can't guarantee protection from all types of cyberattacks. But, following our guidance (and from the NCSC) will significantly increase your protection from the most common types of cybercrime.