Survey Results on Cyber Security in UK Schools
30 June 2022
The Institute of Cyber Security for Society (iCSS) and SWGfL, supported by Bitdefender, have created the Cyber Security in UK Schools Report, which provides an up-to-date review around the current state of cyber security of schools in England and Wales.
The report compiles a list of findings around behaviours, issues and risks within the field of cyber security of schools, derived from results of a survey that was run in late 2021. The responses gathered comprised 183 valid respondents from more than 170 schools in 126 different local authorities of England and Wales.
With malicious actors in the cyber space continuing to threaten our schools, this report highlights just how important it is that educational establishments put cyber security among the top entries on their risk register. Some of the key findings of the reports include:
- 76% of respondents said that the internet was a key to their job
- 62% of schools did not received any cyber security training
- 48% of all cyber security attacks reported by respondents were related to ransomware
- 35% of respondents said that their school regularly updates risk and business continuity plans
- 31% of respondents did not have an IT security policy
- 17% of respondents reported that they had no cyber security concerns
Andrew Williams, Online Safety and Information Security Consultant at SWGfl. said, "This report is concerning, and highlights a need to invest in cyber security as cyber attacks continue to increase both in frequency and sophistication. There is a need for a cultural shift in schools. Cyber security should be the number one risk for all educational establishments in the UK. With a potential to impact on finance, attainment and reputation, establishments are advised to take prompt action now: assess organisational risk and record this in a risk register, run regular cyber security training for staff and identify what you would do and who would support you in the event of a cyber incident."
Professor Shujun Li, Director of the iCSS and a co-designer and co-analyst of the survey, said, "As cyber security has been identified a priority of the country and many sectors, the education sector should not be left behind. Improving cyber security of schools is not just about protecting physical and digital assets of the school, but also about protecting people associated with the school, including pupils, school staff and parents, and their personal data. The report reveals a very worrying lack of sufficient cyber security measures at most schools in England and Wales, so we would like to urge all relevant parties to take urgent actions to raise the priority of cyber security within the education sector."