Schools and colleges hit by cyberattacks are taking longer to restore their networks — and the consequences are severe, with students’ coursework being permanently lost in some cases.
New figures from the Office of Qualifications and Examinations Regulation (Ofqual), which regulates school qualifications, examinations, and assessments in England, reveal a troubling trend: more teachers are receiving cybersecurity training, yet institutions struck by attacks are increasingly struggling to recover.
Teacher training in the art of cybersecurity jumped from 61 percent during the 2023 to 2024 school year to 72 percent in 2024 to 2025. Despite this progress, recovery times have worsened significantly.
The research shows only 55 percent of schools experiencing a “cyber incident” recovered “immediately” versus 63 percent in the prior academic year. More concerning still, the severity of attacks has intensified: 10 percent of affected schools reported critical damage — nearly double the 6 percent recorded the year before.
The human cost of these outcomes is substantial. Teachers described student coursework and lesson plans as “gone forever” while an attack against an unnamed academy trust forced staff across the entire organization to recreate their lost schedules and resources, with weeks of disruption to classes as a result.
Released during “Cybersecurity Awareness Month,” the figures have prompted Ofqual to press schools to strengthen their cyber defenses.
“Protection from malware and regular data backups are the most effective defense against these threats. Schools that maintain current, accessible backups can restore systems more quickly and avoid ransomware demands,” said Amanda Swann, Ofqual’s Executive Director of General Qualifications.
“As schools become increasingly digital, robust cybersecurity measures protect both educational continuity and students’ academic futures.”
The Register has contacted Ofqual for additional comment.
Schools regularly find themselves targeted by hackers, but it isn’t just professional cybercriminal operations and ransomware gangs who are to blame. Far from it, in fact.
A recent report by UK data watchdog the Information Commissioner’s Office warned that more than half of cyberattacks against schools are carried out by students, with stolen logins the most common form of breach.
Staff practices also contribute to the problem. One in five incidents resulted from employees sending work data to personal devices — suggesting that cybersecurity awareness training for teachers may need to go further still.
It looks like more lessons on cybersecurity awareness for teachers are required. ®