How well are schools protected? New cyber security report from SWGfL

17 Jun 2022 UK SIC

SWGfL have launched a new cyber security report that looks at how well schools are protected throughout England and Wales.

This report was done in partnership with the Institute of Cyber Security for Society at the University of Kent as well as Bitdefender. This report provides a review around the current state of cyber-security within education establishments.

Gathering responses from a survey that was run last year, the report compiles a list of findings around behaviours, issues and risks seen within the topic of cyber security for schools. Responses to the survey represent around 66,800 students in education.

Cyber Security: Report Findings

Data gathered from the survey has shown how well schools have implemented cyber security through policy and practice. It also highlights what risks are currently being seen towards education communities. Some of the top findings include:

  • 62% of schools have not received any cyber security training
  • Out of schools who reported a cyber-attack, 48% were Ransomware attacks
  • 31% of respondents do not have an IT security policy
  • 17% say they have no cyber security concerns
  • 76% of respondents say the internet is key to their job

The report has shown where considerable gaps are in how schools are approaching and implementing cyber security. The need for more resources and support is apparent in order to make positive change and work towards better protection. These also include:

  • More investment in guidance/ training and staff awareness
  • Reviewing of their current policy
  • Assessment of what risks and potential impacts there are
  • Maintenance of what their recovery and response plans are

Andrew Williams (Cyber Security Lead at SWGfL) said:

With cyber and information security continuing to threaten our schools, this report highlights just how important it is that educational establishments put cyber security as their number one entry on the risk register. It’s clear that educational establishments continue to lack resilience against cyber attack.