Question to the Department for Education:

To ask the Secretary of State for Education, with reference to the comments of the Director of GCHQ on 31 March 2022 on the standard of the UK's cyber security, whether he has made a recent assessment of the cybersecurity and resilience to cyber attack of (a) schools, (b) further education colleges, (c) universities and (d) contexts for early years provision; and if he will make a statement.

The department does not directly assess the cyber security status or resilience of educational establishments. However, it does engage with the sector by collating information from past incidents. This information enables us to gain an insight into the issues faced following a cyber-attack so that we can broadly understand the landscape.

Educational providers in England are responsible for maintaining their information technology systems and cyber security. The department has a dedicated sector cyber security team to support this activity. This team provides appropriate guidance and advice via regular targeted and broad communications to help schools adhere to and maintain good cyber security standards. The sector cyber security team also manages incoming cyber incident reports from educational institutions. Upon report of an incident, the team will provide recovery advice and ongoing support as required.

The department works closely with partners such as National Cyber Security Centre and Jisc to ensure that the same up-to-date guidance, standards, and support are available for higher and further education establishments.

The department has also developed a self-assessment tool that is due for release this year. This tool will help schools assess vulnerabilities in their cyber resilience, highlight areas for improvement, and give direction on how this can be achieved.