Building Cyber Resilience in Schools

 

Cyber-attacks can disrupt the safety, operations and crucial services for schools. The strongest schools are not necessarily the most secure, but they are the most prepared.

Brought to you by Gallagher

 Published October 2025

Cyber-attacks can disrupt the safety, operations and crucial services for schools, from compromising students’ privacy to disrupting school districts. According to IBM’s Cost of a Data Breach Report 2025, the cost of a cyber-attack in the education sector has risen from $3.50M in 2024 to $3.80M in 2025 [1].

The trend isn't a reflection of negligence but a direct consequence of a change in the threat environment where sensitive data is seen as a goldmine by criminals. Education institutions are increasingly vulnerable to cyber risks due to their unique operational characteristics and mission, with the real-world impact extending beyond just inconvenience. The high-profile nature of these institutions means that cybersecurity incidents can significantly impact finances, morale and public trust in the school community.

This isn't simply an IT challenge that requires technical solutions. It's a key organizational risk that demands the same systematic approach institutions apply to student protection, fire safety and crisis management. However, with the right measures in place, such systems can build resilience and ensure the security of critical student information.

Cybersecurity: The impact on student safeguarding

Cybersecurity can be a key part of safeguarding. When a cyber incident occurs, the risk to learners’ safety and well-being becomes an added component that needs to be carefully managed. By working together, District School Leaders (DSLs) and senior leadership can respond quickly and effectively.

Breached staff data can expose sensitive family information to criminals, potentially compromising ongoing safeguarding investigations and revealing confidential details. It's therefore vitally important that such data is stored securely and encrypted, and that DSLs have access to backups so they can maintain communication with stakeholders and respond to any ongoing concerns.

Five actions you can take today

Building cyber resilience doesn't require significant technical expertise or investment in the latest cybersecurity tools. Here are some practical steps that can strengthen your cyber hygiene and response capability:

  1. Create a hard copy: In a crisis, digital systems may be unavailable. Keep a hard copy of key contacts and their roles in a cyber incident. This ensures that everyone knows who to call and what to do, even if the network is completely down.
  2. Add cyber to your existing safeguarding and continuity plans: You don't need to reinvent the wheel. Ensure DSLs and other key safeguarding staff have a clear, rehearsed plan for what to do if they lose access to their systems.
  3. Practice an outage scenario: Think of this as a digital fire drill. Run through a scenario where your school information management system (SIMS) is disabled. How would you check attendance? How would you share critical information? This step builds confidence and identifies gaps in your response plan.
  4. Double-check supplier verification steps: Invoice fraud and phishing are real risks that are becoming harder to spot as bad actors turn to AI to perpetrate more sophisticated attacks. Ensure your finance and admin teams have a clear process for authorizing payment requests, especially new or unusual ones. A simple check like this can prevent significant financial loss.
  5. Encourage a culture of open communication: Staff should feel safe reporting anything suspicious, no matter how small. A culture of transparent communication leads to faster, more effective responses, preventing minor issues from escalating into major breaches.

The real goal is to be resilient. Often the strongest schools and colleges are not necessarily the most secure, but they are the most prepared — and they're not the low-hanging fruit. By taking the practical steps outlined above, you can create a culture of cyber resilience that protects not just your data and systems but also the people and learning at the heart of your institution.

                                                                                                            

[1] IBM, “Cost of a Data Breach Report 2025: The AI oversight gap.”

These views reflect Gallagher’s experience in the sector and are provided for general information only.

Disclaimer: This article has been prepared by Gallagher for informational purposes only. It does not constitute advice and should not be relied upon as such. The views expressed are general in nature and not intended to address the circumstances of any particular school or institution. While we endeavor to provide accurate and timely information, Gallagher makes no representation or warranty, express or implied, as to the completeness or accuracy of the information contained herein. This article does not replace the need for appropriate insurance coverage or legal advice.

The Cyber Risk Management Service is a non-insurance risk management service. It is not regulated as an insurance product under US law. Services are provided by the UK-based Cyber Risk Team of Arthur J. Gallagher Insurance Brokers Limited, which is authorised and regulated by the UK Financial Conduct Authority. This service does not replace the need for appropriate insurance coverage or legal advice.

  

   
