The DfE Leadership & Governance Standards advises appointing a digital lead in the governing body to help support the cyber security strategy inline with other strategies of the organisation. The role helps provide strategic leadership to an organisation around digital compliance, such as working inline with the DfE Digital Standards. Looking at the 2024 data breaches survey, the number of cyber attacks and incidents in schools is clear: 52% of primary schools and 71% of secondary schools identified a breach attack in the last year. It also showed that awareness around cyber security is low.
As the Schools and Academies Show blog explains, this is not just a technical issue, but a human one. It discusses the increase in attacks where vulnerabilities in school networks are exploited 👉Cyber attacks on schools
The National Cyber Security Centre has some practical resources to help with this, including questions for the governing body 👇
NCSC Cyber Security for Schools
Below are some ideas for responsibilities for the Cyber Governor:
Role : Oversee the organisation's cyber security strategy, policies and risk management by providing support to the SLT digital lead. This would include the organisation's approach to safeguarding IT systems, protecting student and staff data, and by helping prevent cyber attacks like phishing or ransomware.
Responsibilities:
Regularly review the organisation's cyber security policies and procedures with the SLT digital lead.
Conduct risk assessments of systems with IT support/SLT digital lead
Help educate staff and create awareness about cyber threats.
Support digital initiatives to ensure that staff and students have the appropriate devices and digital resources.
Promote digital literacy.
Ensure the digital tools are balanced with any safeguarding requirements.
The Data Protection Governor role in a school aligns closely with the digital/cyber lead role:
Role: Ensure the organisation complies with data protection laws and protects sensitive data.
Responsibilities:
Ensure personal data is collected, stored and process securely.
Promote data protection awareness and training for staff and governors.
Review data breach status.
The roles help ensure:
1. Student and staff safety - by addressing cyber risks and and promoting a secure learning/work environment.
2. Legal compliance - with UK GDPR, the UK Data Protection Act 2018, the DfE Digital Standards and other regulations. This might help preserve reputation.
3. Effective learning - through use of the appropriate digital tools to enhance educational outcomes.
4. Community trust - demonstrating that the organisation prioritises security, innovation and data privacy.
All in all, this ensures that organisations can use technology effectively while managing risks in a way that alights with UK regulatory and educational standards.
Resources and Guidance.
We have the following resources and guidance to help with this:Governance and Data Best Practice Area
DfE Leadership & Governance Tracker
DfE Digital Standards Roles & Responsibilities
Governors Best Practice Checklist
