Advanced report shows education sector is not taking security seriously enough and doesn’t know if it is subject to GDPR
Over one in four (27%) education establishments in the UK are unprepared for a cyber-attack, and almost half (47%) don’t know if the General Data Protection Regulation (GDPR) will affect them. That is according to the Advanced Trends Report 2017, the second national survey to be commissioned by British software and services company Advanced polling over 1,000 UK organisations.
Worryingly, the findings are higher than the national business average of 18% and 38% respectively – suggesting that education is lagging behind in preparation for the challenges ahead. The sector is leaving itself open to the clear and present danger of a cyber-attack and, just like every other sector, will be liable to hefty fines for non-compliance of GDPR.
“These findings are really concerning and should be enough to act as a warning to education institutions,” says Nick Wilson, Managing Director – Public Sector, Health & Care, at Advanced. “The WannaCry security attack crippled the NHS in May and we can expect to see similar attacks on schools, colleges and universities unless they make data security a top priority.
“This means taking the appropriate data protection measures set out by the Information Commissioner’s Office (ICO).Any organisation that processes identifiable data on EU citizens must comply with the GDPR and, with just over six months until it comes into force, now is a good time to put data protection in order.”
Julian David, techUK’s CEO, adds: “Too many organisations are unprepared for (or unaware of) the changes that GDPR will bring and the new responsibilities placed on data controllers. Additional guidance is needed from the Information Commissioner’s Office, on how to prepare for GDPR. Similarly, senior leaders must ensure they are doing all they can to manage the changes ahead with the information already available.
“GDPR is less than seven months away and we must avoid a situation where organisations are on the wrong side of the law, and at risk of large fines, without realising it.”
On cyber security, Tom Thackray, CBI Director for Innovation, says: “Without strengthened efforts to improve cyber security the undoubted potential of the UK’s digital economy will be unfulfilled. Cyber resilience is increasingly important for all organisations and institutions across the economy. They must continue to move from awareness to action, by ensuring cyber security is a board level priority and making the right investments for their digital future.”
The survey also reveals that 65% of education organisations see Brexit as a threat. Just 4% admit to being well-prepared for any post-Brexit budget cuts. These gloomy findings are perhaps unsurprising as the education sector relies on the EU single market for overseas students, and more recently teachers – encouraging cohesion and diversity – and is therefore likely to experience a massive blow when Britain leaves the EU.
Reassuringly though, 75% of organisations have access to accurate and up-to-date information to make informed decisions. Although questions remain unanswered as to whether the data will enable them to act with pace in the changing business landscape. Having access to real-time information will be a critical factor in helping the education sector show resilience and, while 53% of employees have the right tools to do their job effectively, organisations need to bring the rest of the workforce up to speed.
The Advanced Trends Survey was carried out online in September 2017. The full Advanced Trends Report 2017 can be found here.