Schools are at “particular risk” of being targeted by cybercriminals, with more than three-quarters of those taking part in a national security audit experiencing at least one incident last year.
The warning comes from the National Cyber Security Centre - part of GCHQ - and edtech charity LGfL - The National Grid for Learning, which have today published their Cyber Security Schools Audit 2022.
It reveals that 78 per cent of UK schools involved in the audit experienced at least one type of cyber incident in 2022 - with 7 per cent reporting significant disruption as a result.
Just over one in five schools (21 per cent) experienced a malware and/or ransomware attack and 18 per cent experienced periods where staff had no access to important information.
The report said that the top three attacks used to target schools were:
- Phishing - fraudulent emails from attackers used to deceive staff into revealing sensitive information
- Spoofing - where attackers impersonate someone else to gain a victim’s confidence, access to a system, steal data or spread malware
- Malicious software - including malware (used to disrupt or gain access to systems), viruses and ransomware (designed to block access to a computer system until a sum of money is paid)
However, the report also found that school awareness of, and preparedness against, cyberthreats appears to have increased since the last audit was carried out in 2019.
It found that just over half (53 per cent) of schools responding reported they felt prepared for a cyberattack (compared with 49 per cent in 2019).
And awareness of phishing in schools has increased from 69 per cent in 2019 to 73 per cent in 2022.
The audit also revealed that just over half of schools (55 per cent) had implemented cybersecurity staff training for non-IT staff, compared with just over a third of schools three years ago.
Sarah Lyons, the NCSC’s deputy director for economy and society, said: “Our schools rely so much on the myriad of data required to run efficiently - including sensitive data on students, parents, governors and staff. Therefore, more work must be done to support cybersecurity around these essential services.
“That’s why the National Cyber Security Centre has been working with schools and the education sector to provide free tools and guidance to help schools manage their cyber risks effectively and support them to keep this valuable information safe.”
More than 800 schools took part in the audit, which took place in May 2022.