You must prepare for risk in the digital world. But don’t think that you must fight technology with technology; the education of staff and students is your most potent weapon against cyber criminals

Schools have to deal with a huge number of risks, from fires and flooding to budget cuts and a squeeze on places. But it is increasingly a case of “when” rather than “if” they will have to deal with a major incident.

Change is top of the agenda when thinking about risk management. The world is becoming more complex, more chaotic, and more risky. Our march into the cyber era has no doubt brought obvious benefits. Yet with new practices come new challenges. Recent figures show that cybercrime costs the UK £27 billion per year. And with attacks on smaller establishments and institutions becoming a growing trend, schools are more at risk than ever before.

There is no doubt that modern technology has brought huge benefits to education. However, as schools become ever more reliant on technology, so too does the risk of cyber-attack become ever more acute. This is especially true as watering hole attacks, where cyber criminals leverage cloud services to attack even the most secure of networks, are becoming more common. The most recent attacks on Sony in the US are a case in point, and schools are in no way immune, not least because pupils are reliant on the internet every day.

The skills to recognise threats and stay secure must become part of everyone’s job

Such risks therefore need to be reflected in a school’s formal risk management strategy, especially as emerging and non-regulated risks such as this can be easily overlooked.

Cyber risks can broadly be categorised into three themes: direct and malicious attacks, accidental information loss or misuse, and physical system failures. You must take a number of steps to protect school data, staff and pupils from cyber issues such as malware, phishing scams, email attacks and more.

Firewalls, encryption and data back-up provisions are obvious first steps. However, it is a mistake to think that we can only fight technology with technology. In fact, effective prevention is as much about processes and education.

Strong planning is vital to ensure prevention measures are in place and to provide an action plan if a problem occurs. But the education of staff and students is the school’s most potent weapon against cyber criminals. Developing the skills to recognise threats and stay secure must become part of everyone’s job, led from the top.

Of course, while cyber-risks may be making headlines, schools must also prepare for long-standing risks such as fire and flooding, which remain the most common causes of insurance claims. In fact, as schools increase their reliance on technology, the cost of restoration and replacing equipment after a fire or flooding incident is increasing. Over the past decade alone, Zurich Municipal has dealt with more than 50 major claims each valued at more than £1 million, most caused by fire or flooding. In the past two years, three schools have filed claims worth £15 million.

While we can’t stop the rain from falling, there are steps schools can take to minimise their risk exposure. Long-term planning and careful risk management can help to reduce the risk of a major incident, while clear protocols can help to keep staff and pupils safe and significantly reduce damages should an incident arise. Hands-on support from an experienced insurer and computer-aided technology can also help to minimise disruption and get classrooms open again as quickly as possible. Building a strong relationship with your protection provider is critical.

All schools should work closely with their insurer to improve their resilience against possible threats.

Specialist experts have years of experience in risk, underwriting and claims to help meet schools’ individual needs. With this support in place, schools can proactively manage and minimise their risks, as well as having the peace of mind that they have a suitable partner to turn to should things go wrong.