#privacy: Over four-fifths of UK schools have experienced at least one cybersecurity incident

According to a new UK government report, 83% of schools have suffered a cybersecurity incident. 

The National Cyber Security Centre (NCSC) and the London Grid for Learning (LGfL) surveyed 432 schools across the UK. 

It was revealed that an overwhelming 69% of schools had suffered a phishing attack, whilst 30% stated that their school had been infected by malware. Additionally 20% of schools had suffered spoofing attacks. 

The report also noted that 21% of schools cited unauthorised access to computers, networks or servers by pupils. Whilst 11% reported unauthorised access by staff, and 4% by an external party. 

It was noted that schools were aware of data breaches in 3% of cases. 

When asked about the measures put in place in schools, 99% claimed to have firewalls, 98% stated having antivirus, 96% have data backups, 95% said they continuously keep software up to date. 

“Antivirus, backups and patching followed firewalls as the next three most popular attack-prevention technical measures in place. Each were present in over 95 percent of all schools, which is a reassuring sign of fundamental protections in place in UK schools,” the report wrote. 

It was also identified that 85% of schools have a cybersecurity policy or plan, whilst less than half (49%) said they were confident in dealing with a possible cyber-attack.

Amongst the report findings, 71% of schools limit the use of USB drives and memory cards, whilst 70% implement two-factor authentication on important accounts. 

In regards to training, less than half (49%) of schools felt “adequately prepared” for cyber attacks, with only 35% of non-IT staff having received cybersecurity training. Despite this, 92% of schools are open to welcoming in more cybersecurity awareness training for staff. 

LGfl safeguarding and cybersecurity manager, Mark Bentley argued:

“Budgets are tight, the curriculum is squeezed, and school is all about keeping children safe and providing the best-possible education. So you won’t often hear schools talking about their cybersecurity preparedness.”

“Whilst it was hospitals rather than schools which suffered major disruption from the WannaCry virus, schools are just as likely as any organization to face DDoS and phishing attacks.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.