The Cyber Security Breaches Survey is a research study for UK cyber resilience, aligning with the National Cyber Strategy.
The full report is here: Cyber Security Breaches Survey 2023
There is a separate annex published for education institutions, the full report is here: Cyber Security Breaches Survey 2023 Education Institutions Annex
In Summary, the percentage of organisations that have identified breaches or attacks in the last 12 months:
The results are very different across the different education institutions, and diverge from the experience of businesses.
-
Further and higher education institutions are more likely to have experienced a wider range of different types of breaches and attacks than the typical school or business. A higher proportion of these institutions identify impersonation, viruses or other malware, denial of service attacks, and breaches or attacks that fall into another category.
-
Higher education institutions specifically are more likely than colleges to experience at least one breach or attack involving impersonation, viruses or malware, unauthorised access by staff, and the “other” category.
-
Secondary schools are more likely than primary schools to identify instances of online impersonation, unauthorised access by students, and unauthorised access by staff
This chart shows the percentage that identified the following types of breaches or attacks in the last 12 months,, among the organisations that have identified any breaches or attacks:
How are education institutions affected?
Among those that have experienced breaches or attacks in the last 12 months, higher education institutions appear to be more severely affected by them than schools. The estimates for colleges are nominally in between the other groups, but the differences between colleges and schools are not statistically significant.
-
Half (50%) of higher education institutions and three in ten further education colleges (31%) reported experiencing breaches or attacks at least weekly. In comparison, primary schools (15%) and secondary schools (20%) are less likely to experience breaches or attacks every week. Schools are much closer to the typical UK businesses identifying breaches or attacks (21% of which experience them weekly).
-
Six in ten higher education institutions (61%) experience a negative outcome, such as a loss of money or data from any breaches or attacks. This compares to 22% of primary schools, 24% of secondary schools and 36% of colleges. Schools are closer to the typical business (24%) in this regard.
-
Almost half (45%) of higher education institutions state that their accounts or systems were compromised and used for illicit purposes – the most common negative outcome they mention in the survey. It is worth noting that this specific outcome is only mentioned by 8% of large businesses, making this a much more substantial problem for universities than for other large organisations. This marked difference was also present in 2022.
-
Three-quarters (75%) of higher education institutions say they were negatively impacted regardless of whether there was a material outcome or not. Most commonly, they report needing additional staff time to deal with the breach or attack, or to inform customers or stakeholders (70%) and new measures being needed to prevent or protect against future breaches or attacks (48%). By contrast, primary schools (37%) and secondary schools (49%) are less likely to report being negatively impacted by breaches or attacks, while this applies to six in ten (61%) further education colleges. Primary schools are in line with the typical business (also 37%), while other institutions are closer to large businesses (52% of which identify a negative outcome).
What to do in the event of a cyber attack?
Tell someone! Report to IT. Report to SLT.
Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.
If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss. Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.
Isolate the infected device and pass to IT
Always ensure there are backups you can restore from.