The UK education sector is a key target for cyber-attacks, with 73% of institutions having experienced at least one cyber-attack or breach in the past five years, according to new ESET research.
The cybersecurity firm said that a fifth of institutions surveyed reported three or more cyber incidents.
This comes as a UK school in Cheshier, Blacon High School, was forced to temporarily close after falling victim to a ransomware attack on January 17.
Meanwhile, UK government data, published in 2024, found that 71% of secondary schools, 86% of further education collages and 97% of higher education institutions experienced a cyber-attack in the past 12 months.
This compared to 50% of all UK businesses.
ESET researchers found that that 7% of institutions operate without an annual cybersecurity budget at all.
In addition, one-third of education institutions surveyed still lack fundamental protections, such as antivirus software (33%) and strong password policies (35%).
The majority (79%) have not adopted advanced measures like managed detection and response.
Despite Staff Awareness, Stronger Cybersecurity Measures Needed
Most (76%) of education organizations surveyed believe their staff have excellent or good knowledge and awareness of cybersecurity best practices and online safety.
ESET found that over half plan to prioritize increasing staff awareness and training and expanding their cybersecurity tools or software over the next 12 months (55% and 51%, respectively).
“These findings underscore the urgent need for education organizations to adopt a more robust and integrated approach to cybersecurity,” commented Jake Moore, Global Cybersecurity Advisor at ESET.
Spencer Strakey, Executive VP of EMEA at cyber security provider SonicWall, noted, “For cybercriminals, schools are powerhouses of data which hold incredibly sensitive information. Hackers can use the data for two different attack types: phishing and financial crime.”
Among education organizations, ESET found that 43% cited phishing as the top of their list of concerns.
Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf, advised that in the wake of attacks like the one targeting Balcon High School, schools should prioritize improving cyber hygiene and quickly assess their risks, identify network threats and address them effectively.
Moore said that ESET’s findings underscore the urgent need for education organizations to adopt a more robust and integrated approach to cybersecurity.
“Institutions can better safeguard their operations, staff and students, by increasing investment, educating stakeholders, implementing advanced solutions, enhancing training and collaborating with specialized providers,” he said.
