The education sector needs to re-access its cyber security position. Protecting their IT and online systems needs to be high on their agenda. The private sector needs to realign its budget while the state schools need to be requesting more support in this area with the local councils and government.

This particular topic is a personal one within the Koncise team, as many of us are parents with children in school. In fact, our very own, Ben and Stephen are Governors at their children’s respective schools where cyber security is becoming more of an issue for them and their fellow governors to manage. However, with restricted budgets and resources it is not an easy fix.


A recent report by the BBC revealed that the names, addresses and medical notes of children from a school in Essex, may have been accessed by criminals during a cyber-attack.

Schools hold large amounts of sensitive personal data on learners, parents and carers and education practitioners. All this needs to be kept safe and secure.

These cyber-attacks are happening, and schools are being targeted. It may be more obvious that the private school sector would be a valuable win for any cybercriminal, being that people of wealth would be connected to these schools, but as you can see, the state schools are also having breaches.


A survey carried out by the government last year (2023) reported that half (50%) of higher education institutions and three in ten further education colleges (31%) reported experiencing breaches or attacks at least weekly. In comparison, primary schools (15%) and secondary schools (20%) are less likely to experience breaches or attacks every week. Schools are much closer to the typical UK businesses identifying breaches or attacks (21% of which experience them weekly).


These results showcase that schools and further education institutions are now being targeted at the same level as businesses. A cyber security incident can affect the school’s ability to function, the security of its data and its reputation.

The Education sector needs to review their cyber security risks and improve their cyber resilience. The governing management committees need to focus its strategies on ensuring that schools have IT policies and procedures in place that cover the use of ICT