Listen to this story Members can listen to an AI-generated audio version of this article. 1.0x Audio narration uses an AI-generated voice. 0:00 0:00 Become a member to listen to this article Subscribe The government has launched a new advice service for schools on how to deal with cyber attacks, amid concerns education is “disproportionately targeted” but has weaker defences than other sectors. The DfE’s Cyber Security Hub is an online service which aims to provide schools with clear, practical guidance to help improve their IT security. It includes resources and support for schools, guidance on how to create a cyber support plan along with a template, and information for schools in response to specific cyber attacks. A presentation about the new service was delivered at the Schools and Academies Show. Arati Patel-Mistry, the DfE’s cyber security sector lead, said the new service would provide “digestible, clear and understandable” information for all members of staff in the event of a cyberattack. The service was tested across different types of schools before it was launched, including primaries, secondaries, special schools, trusts and local authorities. Martin Sivorn, deputy director and chief information security officer at the DfE, said they had “a body of evidence” that showed education was “disproportionately” targeted by cyber security attacks compared to other industry sectors. But he added the sector was also considered to have “quite weak defences” and systems to protect them from cyber attacks. A report on the state of school cybersecurity found only half of schools surveyed had a password policy, fewer than one in six had a designated cyber security lead, and less than 40 per cent had a cyber incident response plan. ‘Not just an IT issue’ Chris Everard, chief operating officer at Active Learning Trust, spoke about how his trust dealt with a ransomware attack on its schools in 2024. He said while there was “minimal data loss”, the time spent recovering from the attack was “quite significant”. He added there was a number of things the trust could have done to mitigate the impact, including having internal firewalls and managing backups. Everard urged leaders to invest in cyber security teams. “If you invest in the protection to start with, then your networks and your data is going to be far more secure than having to go through the process that we’ve been through trying to recover.” Sivorn said the National Cyber Security Centre’s annual review from 2025 showed cyber security was “no longer just an IT issue” but “a boardroom priority”. He added: “As a school leader, if you want to prevent cyber attacks, […] increase cyber resilience and harden systems, you have to navigate a really complex landscape. “You need to know what to do proactively ahead of time to increase your defences, and you need to know what to do reactively if an incident does occur. “This is the problem we’re able to solve with our cyber security hub for schools.”