The British public education sector is grappling with a notable surge in cyber breaches over the past year, even though the overall threat levels in the UK have remained relatively stable. This alarming trend is detailed in the latest edition of the Cyber Security Breaches Survey 2025/2026, which was released jointly by the Department for Science, Innovation and Technology (DSIT) and the Home Office on April 30, 2026.
The report, which is founded on a combination of quantitative surveys and qualitative interviews conducted between August and December 2025, indicates that while the general landscape of cyber threats remains unchanged from previous years, there is a significant uptick specifically within public educational institutions. The findings displayed in the survey juxtapose the current results with those from the previous year’s report, published in April 2025, highlighting a worrisome trend in cyber vulnerabilities among schools.
A particularly striking point revealed in the Education Annex of the report is the increasing prevalence of cyber breaches in British primary and secondary schools. The survey shows that the percentage of primary schools reporting incidents has risen by 4% compared to previous findings. An even more dramatic increase is seen in secondary schools, where the figures jumped from 60% to an alarming 73%. Among further education colleges, 88% reported being victims of cyber breaches, a slight increase of 3% from the last report. However, the most concerning statistic emerges from higher education institutions, with the percentage of these entities reporting breaches skyrocketing from 91% to a near-universal 98% in 2026.
The educational institutions surveyed comprised a diverse range, including 273 primary schools, 222 secondary schools, 33 further education colleges, and 49 higher education institutions. Notably, private educational establishments were excluded from this analysis, complicating the broader view of the issue across the educational landscape in the UK.
In stark contrast to the worrying statistics for educational institutions, the survey revealed that other sectors did not report a significant increase in cyberattacks or crimes. The findings indicate that approximately 43% of businesses and 28% of charities experienced breaches or attacks in the last 12 months, figures that largely mirror those of the previous year’s survey.
Phishing attacks have emerged as the predominant threat facing organizations, with nearly 38% of businesses and 25% of charities falling victim to these schemes. Over the past year, a notable increase was observed in organizations reporting that they faced only phishing attacks, with this figure rising from 45% to 51%. This trend is likely attributable to the perception that phishing is becoming easier for attackers to conduct en masse. Meanwhile, more intricate threats, such as ransomware and impersonation attacks, saw a decline, with only 1% of businesses experiencing ransomware attacks during the reporting period.
Despite an overall steadiness in the frequency and number of breaches recorded, the consequences seem to be growing increasingly severe. Reports indicate a rise in businesses suffering financial losses as a result of cyber breaches, with the percentage of businesses observing a loss in revenue or share value increasing from 2% to 5% compared to last year.
One of the more startling discoveries within the report highlighted a regression in the cybersecurity preparedness of small businesses. Muhammad Yahya Patel, a Chief Information Security Officer at Huntress, expressed concern over the reversal in small business cyber hygiene, noting that key preventive measures such as conducting cybersecurity risk assessments and establishing formal cybersecurity policies have seen declines. As economic constraints tighten, Patel emphasized that preventive measures against cyber threats are often the first casualties, rendering small businesses more vulnerable at precisely the moment when cyberattacks are intensifying.
Jon Fielding, managing director of EMEA for Apricorn, corroborated Patel’s observations, suggesting that inadequate staff training remains a dire issue among small businesses, where training participation remains exceedingly low compared to larger organizations. This lack of training makes employees targets for increasingly sophisticated phishing and social engineering attacks, underscoring the critical need for greater awareness and better reporting mechanisms within organizations.
Furthermore, the uptake of the Cyber Essentials framework, which aims to bolster organizational cybersecurity, has stagnated at a mere 5% among surveyed businesses. Chris Newton-Smith, CEO of ISMS Online, characterized this figure as a missed opportunity for structured resilience, emphasizing that organizations must abandon the notion of cybersecurity frameworks as unwieldy burdens and instead recognize their potential to enhance operational discipline and security practices.
The Cyber Security Breaches Survey 2025/2026 paints a complex picture: while certain sectors remain stable, the emerging vulnerabilities within the public education sector and small businesses reveal a pressing need for improved awareness, training, and proactive defense mechanisms to combat the ever-evolving landscape of cyber threats.