Leadership

Cyber Security Schools Audit 2022

Schools continue to need to focus on improvements to security with 4% having no back-up facilities, 26% not implementing multi-factor authentication and 25% not limiting staff access to USB devices.

This report by the London Grid for Learning (LGfL) - in collaboration with the National Cyber Security Centre (NSCS) - reveals that the Department for Education has reported a dramatic decrease in cybersecurity incidents over the last five years.

The survey, which had responses from over 800 schools, found that schools are taking cyber resilience seriously, with 100% using firewall protection, 74% using 2-step verification (2SV) for their most important accounts, and 99% using an antivirus solution.

However, the survey also found that 78% of schools have experienced at least one type of cybersecurity incident mentioned in the audit, with ransomware attacks increasing across the sector. As a result, schools are reviewing their contingency plans for a cyber breach or attack, with 53% stating that they do not have appropriate documents in place.

While the sector has made considerable strides, certain areas still require work to achieve genuinely effective cybersecurity.

Key Findings:

  • A substantial number of schools (78%) had experienced at least one type of cyber incident listed with 7% experiencing significant disruption as a result.
  • For example, 21% of schools had experienced a malware and/or ransomware attack and 18% had experienced periods with no access to important information.
  • 100% of schools now have Firewall and 99% antivirus protection.
  • Schools continue to need to focus on improvements to security with 4% having no back-up facilities, 26% not implementing multi-factor authentication and 25% not limiting staff access to USB devices.
  • In 2019, no school recorded a parent losing money due to a cyber incident, but in 2022 six schools reported they had.
  • Just over half of schools – 53% - said they felt prepared for a cyber incident. This compares to 49% in 2019.
  • Staff training of non-IT staff in cyber security has increased from 35% (in 2019) to 55%.
  • Awareness of phishing in schools has increased from 69% to 73%.
  • 49% of schools have included their core IT services in a risk register and/or business continuity plan showing an increase from 41% in 2019.
  • 90% of schools have at least one of the following in place: a cyber security policy, a risk register or a business continuity plan. And a third of schools now have all three.
  • Of the schools surveyed, 22% of schools believed they had escaped all types of incident.
  • Whilst 7% of schools reported being disrupted significantly by a cyber incident or attack, most of those schools are seemingly capable of recovering from these incidents. 81% indicated that they recovered normal school operations in under 3 weeks.

<--- The article continues for users subscribed and signed in. --->

Enjoy unlimited digital access to Teaching Times.
Subscribe for £7 per month to read this and any other article
  • Single user
  • Access to all topics
  • Access to all knowledge banks
  • Access to all articles and blogs
Subscribe for the year for £70 and get 2 months free
  • Single user
  • Access to all topics
  • Access to all knowledge banks
  • Access to all articles and blogs