
Cyber Security Breaches Survey 2024 (Education Institutions)

The Government recently published the Cyber Security Breaches Survey 2024. The survey has an annex which includes findings from samples of UK educational institutions.
It is important to remember that the survey can only measure the breaches or attacks that organisations have identified. There are likely to be hidden attacks and others that go unidentified.

with the types of attacks:

| Type of breach or attack | Businesses | Primary schools | Secondary schools | Further education colleges | Higher education institutions |
|---|---|---|---|---|---|
| Phishing attacks | 84% | 92% | 89% | 97% | 100% |
| Others impersonating organisation in emails or online | 35% | 29% | 58% | 78% | 90% |
| Viruses, spyware or malware (excluding ransomware) | 17% | 14% | 21% | 32% | 77% |
| Hacking or attempted hacking of online bank accounts | 7% | 1% | 5% | 8% | 10% |
| Denial of service attacks | 5% | 3% | 14% | 41% | 40% |
| Takeover of organisation's user accounts | 8% | 4% | 5% | 11% | 20% |
| Unauthorised accessing of files or networks by staff | 1% | 4% | 11% | 19% | 27% |
| Ransomware | 6% | 3% | 2% | 8% | 10% |
| Unauthorised accessing of files or networks by outsiders | 1% | 1% | 3% | 0% | 20% |
| Unauthorised listening into video conferences or instant messages | 1% | 0% | 0% | 3% | 3% |
| Any other breaches or attacks | 3% | 2% | 3% | 16% | 47% |

As in previous surveys, there were still many educational institutions that had not heard of the various government guidance, initiatives and communications campaigns on cyber security.

Cyber security training or awareness raising activities were less common in schools (albeit still in a majority of them) than in further education colleges and higher education institutions, although rates in both primary and secondary schools had increased since 2023.

Under half of primary schools (44%) and even fewer secondary schools (36%) reported having cyber security cover as part of a broader insurance policy. It is worth noting that almost half of the individuals in cyber roles who were interviewed in primary and secondary schools did not know whether their school had this kind of insurance.

The following table shows the percentage of organisations that take the following actions, or have these measures in place, for when they experience a cyber security incident:

| Action taken | Businesses | Primary schools | Secondary schools | Further education colleges | Higher education institutions |
|---|---|---|---|---|---|
| Inform directors/trustees/governors | 77% | 79% | 75% | 79% | 84% |
| Keep an internal record of incidents | 54% | 78% | 78% | 86% | 84% |
| Assessment of the scale and impact of the incident | 53% | 64% | 65% | 81% | 81% |
| Formal debriefs to log any lessons learned | 50% | 67% | 68% | 72% | 74% |
| Inform a regulator | 44% | 62% | 50% | 42% | 39% |
| Attempt to identify the source of the incident | 45% | 50% | 63% | 67% | 90% |
| Roles and responsibilities assigned to specific individuals | 37% | 77% | 86% | 88% | 94% |
| Written guidance on who to notify | 32% | 76% | 80% | 91% | 90% |
| Guidance on when to report incidents externally | 29% | 68% | 76% | 81% | 84% |
| Formal incident response plan | 22% | 57% | 71% | 81% | 87% |
| Communications and public engagement plans | 15% | 48% | 48% | 65% | 68% |
| Inform the cyber insurance provider | 11% | 29% | 20% | 28% | 13% |
| Used NCSC approved incident response company | 13% | 12% | 13% | 21% | 16% |


The full report can be read in the Cyber Security Breaches Survey 2024 (Educational Institutions Annex).