Cyber Security: A Leadership Responsibility
Cyber attacks on schools are rising fast. The UK Government’s Cyber Security Breaches Survey 2025 found that 60% of secondary schools and 44% of primaries reported an incident in the past year alone.
The Department for Education’s consultation response put it plainly: cyber security is no longer just an IT issue. It’sa leadership responsibility — tied to safeguarding, compliance, data protection, and the trust families place in their children’s school.
For leaders, this can feel daunting. You’re already balancing curriculum, budgets, and staff — and now you’re accountable for cyber resilience, too. But you don’t need to be a technical expert. What matters is asking the right questions, setting clear expectations, and modelling the behaviours that keep your school safe.
Here are five questions every school leader should be asking right now:
1. When did we last audit our devices?
Why it matters: Outdated laptops and desktops without security updates create easy entry points for attackers.
Ask yourself: Do we know which devices are unsupported — and do we have a phased plan to replace or upgrade them?
2. How strong are our password practices?
Why it matters: Simple or reused passwords make it easy for attackers to break in.
Ask yourself: Do we have clear rules for strong passwords — and can staff reset them quickly without losing teaching time?
3. Are our staff confident in spotting phishing attempts?
Why it matters: One click on a malicious link can compromise the whole network.
Ask yourself: When did staff last receive cyber awareness training, using real examples they’d actually recognise?
4. Is multi-factor authentication (MFA) enabled on our key systems?
Why it matters: Without MFA, a stolen password can give attackers full access.
Ask yourself: Is MFA required for systems holding pupil and staff data — and if not, what’s holding us back?
5. Do staff know what to do if something goes wrong?
Why it matters: When incidents aren’t reported quickly, small breaches can turn into big ones.
Ask yourself: If a staff member suspected a breach tomorrow, would they know exactly who to call and what to do first?
Moving from Questions to Action
Asking these questions is the first step. The next is being confident in your answers. And that’s where leaders don’t have to go it alone.
Sometimes it helps to have a critical friend — someone to challenge your approach, sense-check your digital strategy, and help your SLT meet the DfE’s Digital and Technology Standards without adding extra workload.
Learn More at Our Free In-Person Event
5 Essential Cyber Security Steps Every School Leader Should Know
Date: Monday 13 October · 1–2 pm
Location: Colmers School and Sixth Form College, Bristol Road South, Rednal, B45 9NY
Led by Concero’s CTO Matthew Setchell, COO Hayley Rock, and CXM Charlotte Butler, this session gives school leaders practical, non-technical steps to strengthen cyber resilience.
This is one not to miss — or to share with your team.