The UK’s Information Commissioner’s Office (ICO) has issued a disturbing warning to parents and teachers. Students are driving the majority of cyber breaches in schools. Out of 215 reported incidents, 57% were committed by students.
The report states that a growing number of kids are hacking into schools for a variety of reasons. A dare, money, notoriety, rivalries and revenge are some of the most common reasons. Many students succeed in hacking by guessing weak passwords, or by finding login info written down somewhere. There is a small number of incidents (5%) where students used more advanced techniques to bypass security protocols. Some students have even admitted to being a part of hacking forums online.
The Tech Gap Between Students and Adults
This problem is more of a generational one. It’s common for kids and teens to be more tech savvy than the adults around them. What little knowledge their parents or teachers might have about computers is probably outdated. Tech is constantly evolving, growing into something new, different from how it was during the 90s or even the 2010s. Meanwhile, students are growing up fluent in using digital tools, social media platforms. Unfortunately, we can add exploits to the list.
The ICO’s report is a wake up call showing how dangerous that is. Schools don’t treat cybersecurity as seriously as they treat fire drills. They often lack the training and resources to protect themselves. Nearly a quarter of breaches were because of teachers giving students access to their devices. Others involved staff using personal devices for work, or allowing access to sensitive systems like Microsoft SharePoint.
Younger generations are learning how to break into the technology that defines our lives. Meanwhile, their parents, grandparents or teachers barely know how to use it.
How Will This Hacking Crisis Affect Students?
The ICO warns that if left unchecked, school hacking can set a dangerous precedent. What starts with pranks is blurring their interpretation of what is considered criminal behavior. Some students may decide to hack into organizations or critical infrastructure. Others may expose sensitive data that could endanger their victim.
“Children are hacking into their schools’ computer systems and it may set them up for a life of cyber crime,” the report reads.
The fact that revenge and money were listed as motivation is alarming. How many kids are hacking into their schools because they were mad at their teachers? What if they’re desperate for money and were looking for something they could sell? What seems like fun now could have devastating consequences for students and society.
Building Cyber Resilience in Schools
How do schools, with limited budgets and staff, fight back? The answer isn’t just hiring more IT specialists. It lies in creating a culture of cyber awareness.
Mandatory training for staff: Teachers and administrators need mandatory training in cybersecurity. This isn’t about turning them into experts but to encourage better habits. Using strong passwords, updating devices, recognizing risks, etc.
Digital literacy for parents: Families need support, too. Schools should host workshops or share resources that teach parents to take digital literacy seriously.
Empowering students: The same students breaking into systems could be part of the solution. Schools can channel curiosity into constructive skills. Introducing digital citizenship lessons, peer-led cyber clubs, or led ethical hacking challenges is a start.
Simple security hygiene: Schools don’t need to reinvent the wheel. Cyber Essentials and managed services from government-backed networks like NCSC’s CyberFirst provide scalable, low-maintenance protections.
Strict punishments: Schools need to update their policies on how to punish students who hack into their systems. Hacking is illegal and students need to face the consequences for their little “pranks”.
The rise of student-led hacks in UK schools is a warning about the future. If parents and teachers continue to fail to understand technology, things will only get worse. Cybersecurity can no longer be treated as optional. It has to become as foundational to education as reading, writing, or math. Students will keep hacking their schools. Can the adults around them figure out how to stop them?
