Educational institutions face increased data breach risks amid surge in UK attacks

cyber-security
Written By Emma Stokes

Educational institutions across the UK are increasingly vulnerable to data breaches as more cyber attacks and poor data handling practices expose sensitive personal information. 

Schools and universities, which hold large amounts of personal data, are becoming prime targets for cybercriminals, according to Ben Marsh, Class Underwriter at Chaucer, a global speciality (re)insurance group.

Speaking exclusively with ETIH, Marsh explained the heightened risks faced by educational institutions. 

"Educational institutions are particularly vulnerable to data breaches. They are a prime target for cyber and social engineering attacks given the valuable, and often large amount, of personal information – more so than traditional businesses," Marsh said.

As the education sector increasingly embraces remote learning and digital platforms, the risks have escalated. Schools and universities rely on third-party service providers to manage and store data, but these outsourced services are contributing to the rise in breaches.

"As remote learning becomes more common, schools and universities will need to invest in stronger cybersecurity controls and data protection measures to reduce the risks of data being compromised by third parties," Marsh added.

Government institutions, including educational bodies, were among the sectors hardest hit by data breaches in 2023. Of the 312 million data breaches that occurred in the UK last year, 196 million were linked to central government institutions, including many educational organisations. This forms a significant portion of the overall increase in breaches, which saw a 53% rise compared to 2022.

Marsh highlighted that outsourcing data management to third-party providers plays a central role in these large-scale breaches. He pointed to an incident in March 2023, when an outsourcing firm managing nearly 400 pension schemes experienced a data breach. 

This incident potentially compromised the personal data of hundreds of thousands of individuals, with 90 pension schemes filing data breach reports to the Information Commissioner’s Office (ICO).

“Growing outsourcing of data management and data processing to third-party providers is fuelling an increase in the potential for large-scale data breaches, potentially affecting tens of thousands of individuals at a time,” Marsh noted.

Data breaches on the rise nationwide

On average, UK citizens were affected by five data breaches each in 2023, with a total of 312 million breaches recorded. This represented a significant 53% increase compared to the 204 million breaches in 2022. The surge in breaches was driven not only by outsourcing but also by a rise in cyber attacks.

The number of successful cyber attacks rose by 20% last year, from 8,948 in 2022 to 11,177 in 2023. These breaches typically expose sensitive information such as financial data, medical records, and personal identifiers, all of which can be sold on the dark web.

Marsh cautioned that not all breaches are the result of cyber attacks. Many incidents are caused by poor data handling practices within organisations, particularly those that outsource data management to third parties.

Marsh added:

“While outsourcing some data management is a logical step for streamlining a business to make it more profitable, data security should never be compromised. Businesses that outsource to unsecured third parties to cut costs may face very hefty losses – in ransoms, fines or lost customers.”

 “Companies must ensure data that is hosted in right place and managed by experts with the proper training. Companies should also include contractual provisions for data breaches in any paperwork they sign with third party providers – and must ensure those outsourced parties comply with up to date regulations.”

Featured
Rocket Learning secures Google.org support to launch AI Tutor for early childhood education in India
Rocket Learning secures Google.org support to launch AI Tutor for early childhood education in India
T-Mobile 5G powers VCU Rice Rivers Center’s real-time conservation efforts for endangered atlantic sturgeon
T-Mobile 5G powers VCU Rice Rivers Center’s real-time conservation efforts for endangered atlantic sturgeon
Proximity Learning and Nearpod team up to improve virtual learning tools for K-12 education
Proximity Learning and Nearpod team up to improve virtual learning tools for K-12 education
Wall Street English unveils new AI conversation tool to boost speaking confidence
Wall Street English unveils new AI conversation tool to boost speaking confidence
Learnosity launches Feedback Aide to address teacher workload and support student learning
Learnosity launches Feedback Aide to address teacher workload and support student learning
iCivics releases new election resources to help US K-12 teachers combat misinformation
iCivics releases new election resources to help US K-12 teachers combat misinformation
Kwame Alexander and Jason Reynolds lead virtual author event to engage students in literature
Kwame Alexander and Jason Reynolds lead virtual author event to engage students in literature
Pega expands Global University Programme to address IT talent shortage and upskill developers
Pega expands Global University Programme to address IT talent shortage and upskill developers
D2L partners with Valuable 500 to support disability inclusion with AI-powered learning platform
D2L partners with Valuable 500 to support disability inclusion with AI-powered learning platform
Canal & River Trust launches new climate change education resource for Key Stage 3 students
Canal & River Trust launches new climate change education resource for Key Stage 3 students
Girls Who Code launches cyber education campaign to promote cybersecurity awareness in K-12 students
Girls Who Code launches cyber education campaign to promote cybersecurity awareness in K-12 students
Keele University launches AI and Data programmes with Multiverse to deliver professional development
Keele University launches AI and Data programmes with Multiverse to deliver professional development
Joe Jonas and PlanetPlay join forces for Make Green Tuesday Moves, encouraging gamers to support sustainability
Joe Jonas and PlanetPlay join forces for Make Green Tuesday Moves, encouraging gamers to support sustainability
Inversity and University of Liverpool Maths School Launch AI education programme for local youth
Inversity and University of Liverpool Maths School Launch AI education programme for local youth
University of Leeds and Perlego partner to provide unlimited digital library access
University of Leeds and Perlego partner to provide unlimited digital library access
The CPD Register investigates UK CPD accreditation standards to ensure quality and transparency
The CPD Register investigates UK CPD accreditation standards to ensure quality and transparency
Asda launches ‘Asda Heroes’ programme to educate primary school students on food waste
Asda launches ‘Asda Heroes’ programme to educate primary school students on food waste
Educational institutions face increased data breach risks amid surge in UK attacks
Educational institutions face increased data breach risks amid surge in UK attacks
Youth Inspiration Nation seeks urgent funding to continue free aviation programme for disadvantaged youth
Youth Inspiration Nation seeks urgent funding to continue free aviation programme for disadvantaged youth
M&S and YoungMinds reach £2 million milestone to support young people’s mental health
M&S and YoungMinds reach £2 million milestone to support young people’s mental health
Emma Stokes
Previous

Asda launches ‘Asda Heroes’ programme to educate primary school students on food waste
Next

Youth Inspiration Nation seeks urgent funding to continue free aviation programme for disadvantaged youth