Key Conclusions on Cybersecurity and Data Protection:

• Recognition of Importance and Feasibility: There is broad recognition among schools and colleges of the importance of cybersecurity. The majority (93%) of respondents either already meet or believe they can meet the cybersecurity standards by 2030, indicating a strong commitment to managing technology risks. Similarly, 98% of respondents reported meeting filtering and monitoring standards, either fully or to some extent.

DPE View: We continue to advise that anyone that has access to the school network or systems should have annual cyber training.  We will publish more support, guidance and resources in the coming weeks where schools can access training for parents, staff, students and governors.

• Core Standards: Cyber security and filtering and monitoring are identified as two of the six core digital and technology standards that all schools and colleges are expected to meet by 2030 to minimise technology-related risks.

• Leadership Responsibility: The report emphasises that cyber security and online safety are not just technical issues but are core leadership and governance responsibilities. There is a need for a shift in mindset at the leadership level to embed cybersecurity into wider school and college strategic thinking and governance.
  
  DPE View: Review our Governance Best Practice area for more information about governor responsibilities around strategy of the school/trust.  It's important to have an SLT Digital Lead before you begin looking at the standards, review our article: SLT Digital Lead Profile.

• Challenges and Barriers: Despite the overall positive outlook, a some schools and colleges face challenges in meeting these standards. The primary barriers identified include:

  • Financial Constraints: Significant costs are associated with upgrading hardware, software, and infrastructure, as well as accessing external expertise, particularly with the upcoming end-of-life for Windows 10 and the need to replace outdated equipment.

  • Technical Challenges and Expertise: Difficulties in managing outdated systems and a lack of in-house technical expertise are prevalent, especially in smaller or rural schools. Reluctance to adopt measures like Multi-Factor Authentication (MFA) due to perceived inconvenience or expense was also noted.

  • Awareness and Training: There is a strong need for improved cybersecurity awareness and training across all levels of school staff, as training is often de-prioritised due to time constraints. Human error remains a significant vulnerability, underscoring the importance of ongoing awareness.

  • Filtering and Monitoring Specific Challenges: While generally well-met, some challenges include the complexity of implementing and managing systems (especially with mixed operating systems or BYOD policies), encrypted traffic/SSL inspection, and circumvention via mobile data.

• Support and Next Steps from the Department for Education: The Department acknowledges these barriers and is committed to providing support.

  • They will continue to raise awareness of cyber threats and help embed effective protocols into school governance.

  • Clear guidance and practical tools will be explored to support greater cyber resilience.

  • Support content on filtering, monitoring, and cybersecurity has been launched through the "plan technology for your school" service, offering personalised recommendations.

  • The standards will be regularly reviewed in collaboration with the National Cyber Security Centre (NCSC) and other stakeholders to ensure they remain up-to-date and achievable.

  • The consultation process itself utilised AI models to analyse responses, with anonymised data and human-in-the-loop checks to ensure compliance with data protection standards, demonstrating a commitment to responsible data handling in their own processes.

In conclusion, while schools and colleges show a strong intent to meet cybersecurity and data protection standards, significant financial, technical, and training-related hurdles remain. The Department for Education is committed to providing ongoing support, guidance, and resources to help institutions achieve these critical goals by 2030, recognising them as fundamental to safe and efficient educational environments.

DfE press release: Government tackles postcode lottery of school technology