{"id":5252,"date":"2026-05-01T11:36:33","date_gmt":"2026-05-01T11:36:33","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/05\/01\/uk-education-sector-faces-surge-in-cyber-breaches-despite-stable-national-threat-levels\/"},"modified":"2026-05-01T11:36:33","modified_gmt":"2026-05-01T11:36:33","slug":"uk-education-sector-faces-surge-in-cyber-breaches-despite-stable-national-threat-levels","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/05\/01\/uk-education-sector-faces-surge-in-cyber-breaches-despite-stable-national-threat-levels\/","title":{"rendered":"UK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat Levels"},"content":{"rendered":"
\n
\n

The British public education sector has faced a significant increase in cyber breaches over the past year, despite stable threat levels recorded in the UK.<\/p>\n

These findings are part of the Cyber Security Breaches Survey<\/em> 2025\/2026, released by two UK government agencies, the Department for Science, Innovation and Technology (DSIT) and the Home Office, on April 30.<\/p>\n

\n

The new edition of this annual report, which is the result of a quantitative survey and qualitative interviews carried out between August and December 2025, shows stable trends compared to the previous version, published in April 2025.<\/p>\n

However, buried in the report\u2019s Education Annex lies one of the most dramatic increases in cyber breach prevalence between the two editions \u2013 and it occurred within public educational institutions.<\/p>\n<\/div>\n

First, the annex shows that the proportion of British primary schools identifying cyber breaches increased by 4% in the 2025\/2026 findings compared to the previous reporting period between August and December 2024.<\/p>\n

Additionally, 73% of UK secondary schools also said they experienced a cyber breach, up from 60% in the report published in 2025.<\/p>\n

The 2025\/2026 report also showed 88% of further education colleges were reportedly hit by cyber breaches in the 2026 report, a 3% increase on the previous reporting period.<\/p>\n

Worse, higher education institutions in the UK went form 91% that suffered breaches in the 2025 report to a near-universal 98% in the 2026 report.<\/p>\n

The educational institutions covered in the 2025\/2026 survey comprise 273 primary schools, 222 secondary schools, 33 further education colleges and 49 higher education institutions. Private education businesses were considered separately and are not included in these findings.<\/p>\n<\/p><\/div>\n

\"View
View of New Court’s Clock Tower of St John’s College, University of Cambridge, in twilight, April 18, 2015. Credit: PoohFotoz \/ Shutterstock.com<\/figcaption><\/figure>\n
\n

Aside from education, the survey did not reveal any broader increasing trend in attacks or cybercrimes.<\/p>\n

Most findings remain similar to those reported in the previous edition, indicating a stable trend where approximately 43% of businesses and 28% of charities identified a breach or attack in the last 12 months. In the April 2025 edition of the survey, 43% of businesses and 30% of charities reported cyber breaches or attacks.<\/p>\n

Phishing Dominates as Breach Rates Hold Steady<\/strong><\/h2>\n

Phishing remained the most prevalent and disruptive threat by far (experienced by 38% of businesses and 25% of charities).<\/p>\n

Additionally, there has been a notable increase in the proportion of organizations experiencing only phishing attacks and no other type of incidents (from 45% last year to 51% this year). This shift is partly attributed to the perception that phishing has become easier for attackers to execute in high volumes.<\/p>\n

More complex threats like ransomware and impersonation attacks have seen a decline over the last two years, with just 1% of businesses claiming to have experienced ransomware\u00a0over the 2025\/2026 reporting period.<\/p>\n<\/p><\/div>\n

\n
\n

“When budgets tighten, cyber hygiene is often the first thing cut and that’s exactly when attackers take advantage.”<\/p>\n<\/blockquote>

Muhammad Yahya Patel, CISO and cybersecurity advisor for EMEA, Huntress<\/cite><\/figcaption><\/figure>\n
\n

While the overall frequency of breaches is stable, the severity of the consequences for businesses appears to be rising.<\/p>\n

Although the total proportion of organizations experiencing any negative outcome remained consistent with last year (19% for business and 11% for charities in the 2025\/2026 survey compared to 16% for both businesses and charities in the previous edition), there was a specific increase in businesses reporting that breaches led to a loss of revenue or share value (from 2% in the April 2025 report to 5% in the 2025\/2026 one).<\/p>\n

UK Small Businesses See Cyber Hygiene Rollback<\/strong><\/h2>\n

Muhammad Yahya Patel, CISO and cybersecurity advisor for EMEA at\u00a0Huntress, noted that, while the survey paints a picture of a cyber threat landscape that remains \u201cstubbornly persistent,\u201d one of the most alarming findings is a reversal in small business cyber hygiene.<\/p>\n

Patel referred to findings that saw UK small businesses return to 2023\/2024 cyber hygiene levels, including undertaking cyber security risk assessments (41% in 2025\/2026, a decrease from 48%), having a formal cyber security policy covering cyber security risks (52% in 2025\/2026, down from 59%) and business continuity plans that address cyber security (44% in in 2025\/2026, down from 53%).<\/p>\n

\u201cSmall businesses saw significant drops across key controls. When budgets tighten, cyber hygiene is often the first thing cut and that’s exactly when attackers take advantage,\u201d Patel said.<\/p>\n

\u201cDropping your incident response plan during an era of rising cybercrime is like removing your smoke detectors because you’ve had a good few months.\u201d<\/p>\n

Jon Fielding, managing director of EMEA for Apricorn, also noticed that \u201cstaff training continues to be deemed a low priority among small businesses,\u201d with just a third carrying out sessions compared to 84% of large organizations.<\/p>\n

\u201cBecause of this, the user still remains the weakest link in the chain, and those users are becoming ever more vulnerable because attacks are being crafted and honed by AI,\u201d he argued.<\/p>\n

\u201cPhishing and social engineering attacks are now much more sophisticated and difficult to spot, making it vitally important that employees know how they can report any suspicious communications.\u201d<\/p>\n

Cyber Essentials Adoption Stalls at Just 5%<\/strong><\/h2>\n

The latest survey revealed that only 5% of surveyed UK businesses reported adhering to Cyber Essentials.<\/p>\n

\u201cThis signals a missed opportunity for structured resilience,\u201d said Chris Newton-Smith, CEO of compliance software firm ISMS Online.<\/p>\n

This despite Jonathan Ellison,\u00a0UK National Cyber Security Centre\u2019s director for national resilience, hinting that the the uptake for Cyber Essentials in the last financial year was up around 20% compared during CYBERUK 2026.<\/p>\n

Newton-Smith commented, \u201cFrameworks shouldn’t be seen as compliance overhead as they\u00a0provide proven, repeatable security practices and often reduce reliance on fragmented external advice.\u00a0 Those organizations that rely heavily on consultants instead of frameworks risk inconsistent controls but also a lack of internal capability. \u00a0Frameworks, such as Cyber Essentials, can help turn an organization’s good intentions into operational discipline.\u201d<\/p>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

The British public education sector has faced a significant increase in cyber breaches over the past year, despite stable threat levels recorded in the UK. These findings are part of the Cyber Security Breaches Survey 2025\/2026, released by two UK government agencies, the Department for Science, Innovation and Technology (DSIT) and the Home Office, on<\/p>\n","protected":false},"author":2,"featured_media":5253,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5252","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/05\/5252-02f7681b-ef9f-4249-9b59-04ea31ff6670-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=5252"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/5252\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/5253"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=5252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=5252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=5252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}