Question to the Department for Education:

To ask the Secretary of State for Education, what steps her Department is taking to help tackle cyber attacks on schools.

Educational settings in England are responsible for maintaining their IT systems and Cyber Security. The department has a small, dedicated sector cyber security team to support this activity. This team provides appropriate guidance and advice, via regular targeted and broad communications, to help schools adhere to and maintain good cyber security standards. The department provides guidance for schools and colleges on how to help protect against a cyber incident. This guidance can be found on GOV.UK.

The department also works closely with the National Cyber Crime Security Centre (NCSC) and Joint Information Systems Committee (JISC) to ensure that up-to-date cyber security guidance is shared with schools, colleges and universities.

The department’s Risk Protection Arrangement (RPA) has more than 9,900 member schools, which represents 52% of eligible schools in England, and includes cover for cyber incidents as standard from the 2022/23 membership years. In the event of a cyber incident, RPA members have access to a 24/7 Incident Response Service.

The department’s dedicated sector cyber security function provides advice in response to cyber security enquiries and incident reports from the sector, liaising with the affected institution following an incident to advise on steps to mitigate the threat and provide guidance on recovery.