Gone Phishing: your guide to this summer’s number one cyber threat
Phishing is the number one cyber attack method. It takes many forms; email, voice, SMS, and the most effective attacks are designed to look completely legitimate.
Cyber criminals increasingly target UK schools, especially during the summer holidays. System 15 Director Nick Rowntree, highlights the rising frequency and impact of cyber-attacks along with the practical steps schools can take to protect themselves.
Cyber criminals increasingly target UK schools, especially during the summer holidays. This makes cyber security a critical concern for School Business Managers. This guide, written by System 15 Director Nick Rowntree, highlights the rising frequency and impact of cyber-attacks along with the practical steps schools can take to protect themselves.
We had our first call out of the summer term on the first day back after the May half term holiday.
At 8am, we got the phone call; the internet was down across an entire school site, less than an hour before the new term was due to start.
Fortunately, we were able to be on site within 15 minutes. By the time the children were walking through the gates, everything was back up and running.
Schools don’t get to have a bad technology morning and shrug it off. The pressure on staff is real, but this was a relatively minor incident and a relatively quick fix. But imagine if this call out had been for something far more sinister.
Right now, while teaching staff are thinking about end-of-year reports, exams, sports days and winding down for a well-earned summer break, cyber criminals are doing something else entirely.
They’re planning, they’re watching and most likely identifying schools, just like yours,that are the most attractive targets in the UK.
We aren’t in the business of scaremongering. The scenario we describe in this blog is based on government data, national cyber security bodies. There have also been a string of high-profile attacks on British schools over the past two years. As a School Business Manager (SBM), cyber security may not sit at the top of your to-do list, but the consequences of an attack will land squarely on your desk.
In our latest guide, here’s what you need to know, and what you can do about a cyber-attack this summer.
The UK Government’s Cyber Security Breaches Survey 2025 makes for uncomfortable reading. Six in ten secondary schools experienced a cyber breach or attack in the last twelve months. This is well above the UK business average of 43%. Primary schools aren’t far behind, with 44% reporting incidents.
And, remember, these figures are only the attacks schools actually identified or reported. The real figure is almost certainly higher.
The year before was worse. In 2024, 71% of secondary schools reported a breach or attack. This puts schools closer to large businesses in terms of exposure, but without access to anything like the same resources needed to mount a robust response.
The most common method of attack? According to the same survey, in schools that experienced a breach, 89% reported phishing as the attack type. This type of attack could be in the form of a convincing email, a fake invoice or an urgent voice message sent to a member of staff that appears to come from a trusted supplier, a colleague or even the Department for Education, demanding some sort of urgent action. Its nature and familiarty meaning it is still the most likely way cyber criminals get in.
The timing of these attacks should also concern every SBM in Gloucestershire. The well-earned summer break isn’t a quiet period for cyber threats. It’s actually peak season.
Cyber-attacks on UK education spike by 40% in summer, with July and August consistently flagged as the most vulnerable months.
In July 2024, Lancaster Royal Grammar School was among several high-profile institutions hit by a coodinated ransomware attack. Just weeks later, in August 2024, over 650,000 email records were exposed following phishing attacks timed perfectly for the moment before staff returned to work.
A case within a Blackpool school from the same period illustrates just how devastating these attacks can be in practice. A ransomware attack that hit the Fylde Coast Academy Trust, brought down IT infrastructure across all ten of its schools. Staff were unable to use computers, printers, or digital teaching resources.
A significant ransom was demanded, and the Trust was forced to hire specialist cyber security firms and work directly with the Department for Education to begin its recovery.
Let’s be clear, attackers are deliberate, not opportunistic and the summer is a proven window for causing maximum damage.
When schools wind down, IT support is reduced or absent. This means monitoring systems go unwatched and response times slow dramatically. There are no teachers in classrooms to notice something is wrong with the network, while a skeleton staff on site means alerts go unchecked. And critically for SBMs the summer is also a period of significant financial movement. Bills are settled, new contracts are signed and budgets for the coming year are agreed.
Criminals follow the money. A well-timed phishing email to a busy administrator handling invoices in late July is a highly effective attack vector.
The summer is not downtime for hackers; it is their busiest season.
Schools aren’t collateral damage. They’re deliberate targets, for several clear reasons.
Sensitive data: Schools hold an extraordinary volume of personally identifiable information including; student records, medical details, safeguarding notes, parent contact data, financial information, staff records going back years. This data has significant value when used for fraud, identity theft, or blackmail.
Limited resources: Budget pressures in schools are well-documented. Cyber security spending is rarely a priority when the choice is between a new firewall and keeping the heating on. According to the Cyber Security Breaches survey, only 37% of primary schools and 44% of secondary schools have comprehensive malware protection in place. In addition, fewer than half of secondary schools are even familiar with NCSC guidelines.
Outdated systems: Many schools are running legacy IT infrastructure or a myriad of interconnectred software that hasn’t been updated in years. Unpatched systems and unsupported software are open doors for attackers.
No dedicated security team: Most schools don’t have in-house IT expertise, let alone a dedicated cyber security function. When an attack happens, there is often no one on site who knows what to do.
The result is that schools have become a high value, soft target; organisations that hold valuable data, can’t afford to be offline and are unlikely to have the defences to stop an attack.
The NCSC’s guidance for schools is clear. It starts with the basics; strong password policies, multi-factor authentication, regular software updates, staff training and offline data backups. These aren’t complicated steps, but they do require consistent attention and in most schools, no single person has the time or expertise to maintain them all.
This is where a Managed Service Provider (MSP) can add real value to any local school.
An MSP can act as an external technology partner that manages your school’s IT infrastructure. From network monitoring and device management to cyber security, cloud services and help desk support.
Rather than waiting for something to go wrong, a good MSP works proactively. They can evaluate risks and identify and patch vulnerabilities before they’re exploited. They continuously monitor for suspicious activity, even out of term time, can run staff awareness training and will have a tested response plan ready if the worst does happen.
Crucially, proactive cyber protection requires 24/7 monitoring, not just during the school day or even just term time, but on weekends, during half terms and crucially throughout the summer holidays. That kind of continuous coverage is simply not possible with a part-time IT technician or a Pay as you go IT support arrangement. It requires a dedicated team.
Managed services also make strong financial sense. Partnering with an MSP can reduce school IT costs by up to 30% compared with managing systems in-house. Plus you gain access to a team of specialists without the overhead of employing them directly.
For an SBM working with tight budget constraints, this makes a compelling argument.
Most schools run more software than they realise and the connections between those systems are where attackers look first. Third-party integrations, in particular, are an increasingly common entry point. At System 15 we audit your full technology set up, close the gaps, and keep everything monitored and up to date.
Summer 2026 is here. The window when your school is most vulnerable is close. Here are three immediate steps worth taking before the end of term:
Review who has access to what systems: Ensure that admin credentials are unique, strong, and protected by multi-factor authentication. Remove access for any staff who have left.
Check your backup position: Do you have recent, tested, offline backups of your critical data? If an attacker encrypted your systems tomorrow, could you recover without paying a ransom?
Get an honest assessment of your IT coverage: If your current IT support is reactive and you can only really call them when something breaks, it’s worth exploring what proactive, managed support would look like for a school your size.
Cybercriminals are already planning for your summer holidays. The question is whether you are too.
System 15 works with schools and Multi-Academy Trusts across Gloucestershire providing practical, affordable cyber security and IT management.
If you’d like to understand what managed IT support could look like for your school, get in touch with our team.
System 15
Kestrel Court
Waterwells Business Park
Quedgeley, Glos. GL2 2AT
System 15
Kestrel Court
Waterwells Business Park
Quedgeley, Gloucester, Gloucestershire. GL2 2AT
© 2026 System 15 Limited. VAT No: GB213094736. Company Reg. No: 9533674
Website by Lounge