Freedom of Information requests reveals that the Department for Education has reported a dramatic decrease in cybersecurity incidents over the last five years.
ISMS.online found that while in 2018, the Department for Education recorded 139 cybersecurity incidents, in 2022, they reported only 38.
Cybersecurity incident records
The number of cybersecurity incidents recorded by the Department for Education over the last five years are as follows:
- 1st January 2018 – 31st December 2018: 139
- 1st January 2019 – 31st December 2019: 154
- 1st January 2020 – 31st December 2020: 56
- 1st January 2021 – 31st December 2021: 67
- 1st January 2022 – 31st December 2022: 38
Cyber resilience
The survey found that schools are taking cyber resilience seriously, with 100% using firewall protection
A recent report published by NSCS at the end of 2022 supports the findings ISMS.online have uncovered with their Freedom of Information request.
The survey, which had responses from over 800 schools, found that schools are taking cyber resilience seriously, with 100% using firewall protection, 74% using 2-step verification (2SV) for their most important accounts, and 99% using an antivirus solution.
Ransomware attacks
However, the survey also found that 78% of schools have experienced at least one type of cybersecurity incident mentioned in the audit, with ransomware attacks increasing across the sector.
As a result, schools are reviewing their contingency plans for a cyber breach or attack, with 53% stating that they do not have appropriate documents in place.
Cybersecurity
Cybersecurity budgets are tight, and the risk is that underinvestment now could reverse the positive steps"
While the sector has made considerable strides, certain areas still require work to achieve genuinely effective cybersecurity.
Luke Dash, CEO at ISMS.online, says, “Educational institutions face increasing financial pressure as the cost of living crisis places an additional burden on them, too, cybersecurity budgets are tight, and the risk is that underinvestment now could reverse the positive steps the sector has taken."
Improving cyber strategy
Luke Dash adds, “One of the biggest concerns is that the sector will see these improvements and strides forward as a sign that they no longer need to give as much attention to their cyber strategy and that what they have in place is sufficient."
He continues, "The cyber landscape moves so rapidly that educational institutions must continue to invest in resources, training, and awareness to stay ahead of the next significant attack vector.”