Are British schools facing major Cybersecurity issues?

Edtech charity LGfL and the National Cyber Security Centre (part of GCHQ) claim to have uncovered an “urgent need” for more Cybersecurity defence and capacity in the sector

Posted 30 October 2019 by

UK edtech charity LGfL is warning today about what it calls an “urgent need” for greater Cybersecurity training in schools, following the publication of its Cyber Security Schools Audit.

Working in partnership with the National Cyber Security Centre (NCSC), the pair polled 430 schools across the UK to gain a better understanding of future technology and training needs in the education sector. 

NCSC: “Schools should seek access to the right types of information to help them protect their networks against the cyber threats they face”

The results: only 35% of schools train non-IT staff in cyber security – and in light of the fact that 83% of schools have experienced at least one Cybersecurity incident, Heads should take this revelation seriously to meet the challenge of a growing and increasingly sophisticated threat landscape.

Further key findings of the study, Top of the Class? A Report into Cyber Security Maturity in UK Schools

  • Nearly all schools (97%) responding to the survey said that losing access to network-connected IT services would cause “considerable disruption” 
  • Less than half of schools (49%) were confident that they were adequately prepared in the event of a cyber attack 
  • 85% had a cyber security policy or plan – but only 45% included core IT services in their risk register, and only 41% had a business continuity plan 
  • Schools were aware of data breaches in only 3% of cases.

A more detailed breakdown of UK school Cybersecurity incidents also showed that: 

  • 69% had suffered a phishing attack in the form of fraudulent emails sent to staff, or staff being directed to fraudulent websites
  • 35% had experienced periods with no access to important information
  • 30% had suffered malware infection, including virus or ransomware
  • 20% reported spoofing attacks (where a malicious party poses as a member of  staff) 
  • 11% had suffered attempted attacks to take down a website or online services 
  • 21% had documented unauthorised pupil use of computers, networks or servers 
  • 11% reported unauthorised staff use of computers, networks or servers
  • 8% of schools had been significantly disrupted by a cyber-attack or incident
  • 99% of schools had firewalls in place and 98% had antivirus protection
  • 17% escaped all cyber security incidents listed in the survey

And finally, when it came to Cybersecurity training, a very high 92% of schools would welcome more cyber security awareness training for staff. 

Commenting on the results, Mark Bentley, Safeguarding and Cyber Security Manager at LGfL DigiSafe said, “The Cyber Security Audit provides an invaluable insight into current protection available in schools and the realities of online threats.

“Cybersecurity preparedness can sometimes fall to the bottom of the school agenda” – LGfL

“With ever-increasing accountability, squeezed budgets and a demanding curriculum, Cybersecurity preparedness can sometimes fall to the bottom of the school agenda. 

“It’s vitally important that schools offer Cybersecurity training to their staff and have basic technical protections in place.”

“Schools should seek access to the right types of information to help them protect their networks against the cyber threats they face,” added Sarah Lyons, Deputy Director for Economy and Society at the NCSC.

“We work closely with the education sector to raise Cybersecurity awareness across schools, whilst signposting clear actionable advice to help schools mitigate against common cyber incidents.

“It’s never been more important for schools to be aware of the cyber risks and know that free resources are available to help them prepare and respond to a cyber incident.”