Overview

• An ICO analysis of 215 insider breach reports from January 2022 to August 2024 found students responsible for 57% of cases in UK education settings.
• About 30% of incidents involved stolen or guessed credentials, with students accounting for roughly 97% of those unauthorized logins.
• Poor practices featured heavily: 23% tied to unattended or misused staff devices, 20% to data sent to personal devices, and 17% to misconfigured access controls.
• Only 5% of reported insider incidents used sophisticated techniques to bypass security, underscoring the need for basic cyber hygiene.
• Case studies included three Year 11 pupils accessing data on more than 1,400 students using downloaded tools and a separate breach where a student altered records for over 9,000 people, while the NCA’s Cyber Choices program has even seen a referral of a seven-year-old.