Cybersecurity Schools Audit 2022

The 2019 audit revealed that;

• Nearly all schools (97 percent) said that losing access to network-connected IT services would cause considerable disruption.
• Only around a third of schools (35 percent) train non-IT staff in cyber security.
• A focus on support for non-IT staff is a clear need, and it looks like this would be well received, with 92 percent of schools telling us they would welcome more cyber security awareness training for staff.
• The vast majority of schools (83 percent) had experienced at least one of the types of cyber security incidents we asked about. For example, 69 percent of schools had suffered a phishing attack and 35 percent had experienced periods with no access to important information
• All schools had at least some of the protective technologies or systems in place that we asked about.
• 98 and 99 percent of schools, respectively, had antivirus and firewall protections.
• There was relatively low use of strong cyber security practices such as mobile-device management and two-factor authentication.
• 85 percent of schools had a cyber security policy or plan, but only 45 percent included core IT services in their risk register and only 41 percent had a business continuity plan.
• Less than half of schools (49 percent) were confident that they are adequately prepared in the event of a cyber-attack.