What does the technology in schools survey tell us?
The DfE Technology in Schools survey: 2024 to 2025 was published this week. We give our views on the results:
Education technology (EdTech) refers to the practice of using technology to support teaching, learning and the effective day-to-day management of education institutions and their business operations. It includes infrastructure, hardware, software and services that
help aid teaching and the daily running of education institutions.
In late 2022 DfE commissioned IFF Research – an independent research agency – to conduct a five-wave biennial Technology in Schools Survey (TiSS) to help track progress against these ambitions and to provide a nationally representative estimate of technology use and digital maturity in English primary and secondary schools.
The aim of the research was to help the DfE understand how best to support schools to embed and use technology in ways that support cost savings, workload reductions and improved pupil outcomes.
Responses were received from 1,634 schools, with 795 of those taking part being school leaders, 1211 teachers and 489 IT leads.
The results are too extensive for us to repeat here and generally speaking the results are 'on the up', meaning that there are generally all round improvements at both primary and secondary level for digital technology. However, the progress is slow and highlights significant vulnerabilities and data security concerns that we see reflected in data walks and discussions that we have with schools. These are highlighted below:
- There are schools with no digital strategy in place.
- Compared to two years ago, it is better understood that creating a business continuity plan is a role for senior leadership team as opposed to the responsibility of one person.
- Only about half of the schools asked reviewed their digital technology on an annual basis.
- There are still a significant number of schools not aware of the DfE Digital Standards. These are a set of standards, or framework provided by the DfE and designed to help with the procurement of digital services, products and devices. And those that are aware do not know the details:
⚠️ 27% of schools said they did not meet the standards
⚠️ 14% said they did not meet the standards and have no additional plans to meet them
⚠️ 15% did not know
Summary of the data protection and cyber security findings:
| Category | Key Finding/Metric | Primary Schools (2025 vs. 2023) | Secondary Schools (2025 vs. 2023) |
| Cyber Security & Safety | Business & Disaster Recovery Plan | 64% (↑ from 50%) | 79% (↑ from 73%) |
| Multi-Factor Authentication (MFA) for sensitive data | 72% (↑ from 64%) | 78% (↑ from 58%) | |
| Personal Data Encrypted/Protected | 86% ( ↑ from 85%) | 90% (↑ from 84%) | |
| Formal Cyber Security Policy (covering cyber security risks) | 39% (↑ from 28%) | 59% (↑ from 55%) | |
| Governor/Senior Manager for Cyber Security | 36% (↑ from 14%) | 45% (↑ from 31%) | |
| Serious Cyber Attacks Reported | 76% ( 76%) | 92% (↑ from 83%) | |
| Most Common Incident: Website/Email Hacking (past 12 months) | 14% (overall) | 14% (overall) | |
| Most Common Incident: Viruses/Malware (past 12 months) | 13% (overall) | 13% (overall) | |
| Cyber Attack Plan Tested Annually | 28% (↑ from 18%) | 41% (↑ from 25%) | |
| Data Protection & Storage | NCSC Backup Advice Met (2 or more back up copies) | 53% | 85% |
| Cloud-only Server Setup | 14% (↑ from 6%) | 1% | |
| Training | Staff Cyber Security Training Provided | 84% (↑ from 72%) | 78% (↑ from 58%) |
| Compulsory Cyber Security Training | 58% ( ↑ from 37%) | 61% (↑ overall) | |
| Policy on Safe/Appropriate GenAI Use (with data protection focus) | ~20% (overall) (one-fifth of schools had a policy in place) | ~34% (overall) |
While there has been an increase in cyber security training, the number of cyber attacks reported by schools continues to increase. This is likely a combination of awareness, number of threats, more sophisticated threats, and staff using more systems online.
Only three quarters of schools use multi factor authentication, one of the main ways to prevent data breaches.
We would advise schools and colleges to review the DfE Digital Standards, to assess where they are now and track their progress. The standards clearly lay out a clear plan and framework for becoming cyber resilient.
✅ Start by assigning an SLT digital lead:
Have you assigned your SLT Digital Lead yet?
✅Complete the Leadership & Governance Tracker (DPE Customers have access to this on our customer portal). As part of completing this standard you will assign your digital lead in your governing body. Find out more about this standard:
✅ Review the six core standards:
✅Review which parts of the standards you should be meeting now, such as data protection, cyber security, supplier due diligence and filtering & monitoring. Data Protection Education can provide support and guidance to help you meet these standards.
Source of information: Technology in Schools survey: 2024 to 2025