Question to the Department for Education:

To ask Her Majesty's Government what steps they are taking to support educational institutions in protecting themselves from cyber threats.

Education settings rely heavily on IT and online services to function. They also hold large amounts of sensitive personal data on pupils, parents and staff. All this and more needs to be kept safe and secure. Education settings are directly responsible for their own levels of security and data protection and need to ensure they have the appropriate security protections in place to safeguard their systems, data, staff and students. The department encourages all leadership in education to ensure institutional resilience, by taking proactive steps and following advice and guidance from the National Cyber Security Centre (NCSC) and the Department for Education.

The department has been working closely with the NCSC on developing updated advice and guidance to give leadership the best quality advice, such as advice for governors and trustees which is now included in the governors handbook. Furthermore, the department is developing a self-assessment tool for schools on cyber security for the next academic year, which will help highlight areas of potential weakness and what steps can be taken to mitigate cyber security risks.

The department will continue to work closely with the National Technical Authorities in this space to ensure that we provide targeted threat briefing to the education sector when issues emerge, as was done in September 2020 following a number of ransomware incidents in the education sector.