
As schools become increasingly digital, their exposure to cyber threats grows. But with the right governance, culture and use of free resources, schools can significantly strengthen their cyber defences. Gareth Jelley, cyber security lead at edtech charity LGfL – The National Grid for Learning, explains how.
Schools face a wide range of cyber risks due to several compounding factors. They present an unusually large and complex digital footprint – with hundreds or even thousands of students and devices accessing networks daily. Other factors include limited investment in IT, a lack of specialist cyber security expertise, inconsistent staff training, and underdeveloped cyber security governance.
Unlike corporate environments, schools constantly onboard new users and devices, making it harder to secure systems. Senior leaders, already stretched with responsibilities for safeguarding, academic performance and wellbeing, may unintentionally overlook cyber risks.
Outdated systems further increase exposure. For example, devices running Windows 10 stopped receiving security updates in October 2025. Many schools now face a difficult choice: decommission devices and risk disrupting learning, or keep using unsupported systems and hope to avoid a breach.
What sorts of data are at risk?
Schools hold large volumes of sensitive data on pupils, parents and staff. This includes personal details, contact information, school records, medical notes, and safeguarding reports. A data breach could have serious consequences for both individuals and institutions – ranging from reputational damage to legal and even life-threatening implications.
A recent report from the Information Commissioner’s Office (ICO) found that over half of insider cyber incidents in schools are caused by students. In some cases, students have accessed management systems to view, alter or delete data. These systems often store highly sensitive information, including pastoral records, medical details, and staff notes.
What can schools do to improve their cyber security?
The good news is that just as there are many factors that increase risk, there are also many actions schools can take to protect themselves.
A strong starting point is governance. Clear oversight ensures that cyber security becomes part of leadership conversations. Schools should review frameworks like the Department for Education’s Cyber Security Standards and the Government’s Cyber Essentials scheme. LGfL has also developed a free self-led Cyber Security Audit Template to help schools benchmark their current practices against national guidance.
Once risks are assessed and a plan is in place, schools can better prioritise actions and allocate budgets accordingly.
Creating a culture of cyber awareness is just as critical. High-profile attacks often hit the headlines, but without making these real and relatable to staff and students, they risk being ignored. Schools should treat cyber security with the same seriousness as safeguarding or health and safety – ensuring everyone feels responsible for keeping systems secure.
Simple habits, like locking unattended devices or using password managers instead of sticky notes, can make a big difference. Many reported breaches could have been avoided through such basic measures.
On the technical side, identity management is essential. Schools should enforce strong password policies, implement secure authentication methods, and segment access within networks – for example, ensuring only finance staff can access financial data. Multifactor authentication (MFA) is available in most cloud platforms but is still underused in schools. When supported by a positive culture, uptake becomes much easier.
What free tools and resources are available for schools?
There is a wealth of free support available to schools looking to improve their cyber resilience.
The National Cyber Security Centre (NCSC), for example, offers a comprehensive education section, including governor question banks, free training resources for staff and students aged 11–17, and practical guidance drawn from small and medium-sized business contexts, which are often relevant to schools.
The NCSC also runs a free Early Warning Service. Once registered, schools receive alerts if vulnerabilities are detected in their websites, email, or public systems – along with clear steps to resolve issues.
To help leadership teams prepare for potential incidents, NCSC offers Exercise in a Box – a set of tabletop scenarios that simulate cyber attacks. These exercises are invaluable for stress-testing response plans.
The DfE Cyber Security Standards provide a clear and realistic benchmark for schools. They outline what schools should be aiming for and form a solid foundation for improvement.
To support these standards, LGfL has developed a suite of templates and resources, including a free self-led audit that maps directly to the DfE’s recommendations. These tools help schools assess where they stand and what actions to take next.
The Cyber Essentials certification, developed by NCSC, outlines five key technical controls that defend against the most common cyber threats. While certification may be challenging for some schools, working towards it helps embed best practices and raises awareness across staff.
Police Cyber Alarm is another free tool, designed to monitor traffic to and from a school’s internet connection. It alerts schools to potential intrusions, such as attempts to steal data or remotely control malware. The system also monitors firewalls for known vulnerabilities and provides actionable reports.
LGfL’s Security School Report offers a more in-depth review of a school’s digital presence. It goes beyond the Early Warning Service by including detection of credential breaches linked to staff or students and alerts about school data being shared or sold on the dark web. It also includes evidence of malicious online activity targeting the school.
Each report includes clear instructions on how to remediate the issues found, helping schools take action quickly and confidently.
Any other important considerations?
One area that often gets overlooked is the school’s backup strategy. Inadequate backups can significantly amplify the impact of a cyber attack.
The NCSC recommends the 3-2-1 approach: three copies of your data, on two different types of storage, with one copy kept offsite. Yet many schools either don’t follow this model or fail to test their backups regularly.
There have been multiple incidents where schools had backups in place – but couldn’t restore them when needed. Ensuring critical data like the Single Central Record (SCR) is backed up and recoverable can mean the difference between a minor inconvenience and a full school closure.
Testing and monitoring backup systems should be part of every school’s cyber strategy – not just to meet compliance standards, but to ensure continuity of education and safety in the event of a breach.


