More than half of UK independent schools targeted by cybercriminals within last five years

61% of independent schools in the UK have experienced a cyber-attack within the last five years, according to a new report profiling the increasing cyber security challenges facing the independent education sector.

‘Independent, but insecure? The growing cyber security risks facing the independent education sector’, compiled by Endsleigh Insurance Services, also reveals that less than 40% of those surveyed considered themselves a target for cybercriminals, with just 1% admitting to feeling ‘highly vulnerable’.

Independent schools are responsible for keeping special category data, such as religious beliefs, medical history and sexual orientation, secure; as well as the financial details of fee-paying parents and guardians.

Despite the prevalence of cyber-attacks within the sector, just 38% of schools monitor their cyber-security policy at least once a month.

Malware (58%), phishing scams (51%) and hackers (40%) topped the list of schools’ concerns, with consequences including: file encryption and deletion, extortion and financial loss, as well as associated reputational damage.

The report also profiles how the cyber-risks faced by schools are not limited to criminal activity, and include accidental data breaches through loss of devices, or human error. Such occurrences can also cause reputational damage to a school, depending on the subject and scale of the data breach. 

The findings are supplemented by advice and guidance from leading legal and cybersecurity experts within the independent education sector as to how to navigate the diverse range of cyber risks schools currently face.

Following the launch of the report, Will Brunwin, Head of Travel and Schools at Endsleigh Insurance Services, commented: “The sustained integration of technology into the schoolroom over the past two decades has undoubtedly changed the art of teaching. Yet, technological innovation has also created new vulnerabilities which can be exploited by criminals, who see schools as profitable targets.

“The disparity between those schools experiencing a cyber-attack (61%) and those who consider themselves a target (39%) demonstrates the worrying gap between risk and perception across the sector. However, by acknowledging the risks and ensuring all IT security systems are routinely assessed, monitored and tested, coupled with a robust staff and pupil education programme, schools can go a long way to mitigating threats.”

Will Brunwin concluded: “Supplementing such practices with a dedicated cyber liability insurance policy can help close the loop and provide a contingency plan if a breach does occur, and ultimately help to support a safe school environment for pupils, parents and staff.”

John Murphie, Chief Operating Officer at ISBA, added: “The ongoing difficulty for schools is finding an effective way to anticipate and counter each cyber threat, without knowing which is coming first, or which is the more sophisticated. It is the ever evolving nature of cyber risks which makes them so difficult to counter. However, strict adherence to basic cyber safety measures and a high degree of ‘cyber hygiene’ with good staff training will be key.”

He concludes: “While some within the sector may feel that a school is not as high a target for cyber criminals as a multi-national firm or public service body, schools can remain vulnerable by not protecting themselves.”

Kristine Scott, Partner and Head of Education at Harrison Clark Rickerbys, who contributed to the paper, said: “Having provided legal counsel to independent schools for a number of years, I would say that cyber security is now in their top three concerns. Schools have come a long way in recent years in acknowledging the cyber-risks posed by the modern working world and we are keen to support that progress.”

James Griffiths. Director, Director at Cyber Security Associates, added: “The key to mitigating the damage is training. Crucially, this should not only be aimed at staff, but pupils too. The best way for schools to future-proof themselves against cyber-threats is to prioritise the risk and to be prepared.”

To access ‘Independent, but insecure? The growing cyber security risks facing the independent education sector’ please visit:

For more information, please visit: ffffffff