In 2021, the Harris Federation—one of the UK’s largest multi-academy trusts—was hit by a devastating cyber attack. The hackers demanded $4 million in cryptocurrency, threatening to double it if not paid within 10 days. But this wasn’t a financial institution or tech giant—it was a group of 55 schools, educating mostly disadvantaged children.
The story, as told by Sir Dan Moynihan on BBC Radio 4’s Today Programme, reveals something critical: schools are not just collateral damage in the cyber war—they are becoming prime targets. And the risks aren’t theoretical.
When Everything Stops Working
“We lost access to teaching materials, lesson plans, registration systems,” Moynihan recounted. “Our phone systems went out. We lost medical records, fire systems. In some schools, we weren’t able to pay bills. We couldn’t pay our staff.”
The attack paralysed the Federation’s ability to function. With over 30,000 devices infected, the clean-up operation took three months and cost around £750,000.
What’s most sobering is the kind of infrastructure affected. This wasn’t just email or admin software—it included:
-
Medical records
-
Fire safety systems
-
Staff payroll
-
Telephone networks
-
Emergency contact systems
In short, everything that keeps a school running and its pupils safe.
Cyber Tzar has seen these kinds of systemic risks surface repeatedly in digital audits for public sector and education clients—because modern schools now rely on a deeply interconnected, digital-first infrastructure.
Schools as Soft Targets
Unlike banks or corporations with dedicated cybersecurity teams, most schools operate on tight budgets and legacy IT systems. That makes them tempting targets for cybercriminals. And because they’re part of a regulated public sector, some attackers assume there’ll be pressure to resolve incidents quickly—even to pay.
But the Harris Federation took a different stance.
“We were clear from the beginning: we were not going to pay,” Moynihan said. “The money we have is for disadvantaged young people… Had we paid, we’d have opened the door for other school groups to be attacked.”
Lateral Movement and Hidden Threats
Perhaps the most alarming point Moynihan raised was how infections spread.
“As soon as this stuff gets into your system, it moves laterally,” he warned. “It tries to copy itself everywhere.”
That’s why the Federation’s first response was drastic but necessary: switch everything off. In today’s digital schools—where cloud services, smart boards, biometric sign-ins, and networked security are commonplace—that kind of total shutdown is deeply disruptive, but sometimes essential.
At Cyber Tzar, our platform enables schools and trusts to map their digital estate, highlight lateral movement risks, and identify which systems are critical to protect first. It’s about getting ahead of the breach—not reacting after it’s too late.
What This Means for School Leaders
Cybersecurity in education can no longer be dismissed as a technical issue. It is an operational, safeguarding, and reputational concern. The attack on the Harris Federation underlines the real-world impact:
-
Pupils left without access to teaching
-
Parents unable to contact schools
-
Emergency systems rendered useless
-
Personal and sensitive data potentially compromised
A modern school’s infrastructure is only as resilient as its digital backbone—and few have the visibility or controls they need without external support.
The Path Forward: Resilience by Design
Schools must move beyond reactive IT support and embrace a mindset of cyber resilience. That means:
-
Investing in secure, well-maintained systems
-
Training staff to spot phishing and social engineering
-
Regularly backing up critical systems offline
-
Including cybersecurity in safeguarding and risk management policies
-
Working with specialists who understand the education sector and its specific risks
This is where Cyber Tzar comes in—supporting schools and multi-academy trusts with targeted tools that reduce digital risk, assess third-party exposure, and benchmark resilience in real time.
When incidents occur, transparency matters. Clear communication with parents, staff, and regulators can make all the difference. But real confidence comes from preparation, not improvisation.
Conclusion
The fire alarms didn’t work. The phones didn’t ring. The payroll didn’t run. For three months, a leading education provider scrambled to rebuild itself digitally.
Sir Dan Moynihan’s story isn’t just a cautionary tale—it’s a call to action. Because the next time a school’s fire system fails, it might not be a drill. It might be a line of code.
Cyber Tzar helps education leaders take proactive control of their digital risk—before someone else does.
If you’re ready to understand your exposure and build true operational resilience, we’re ready to support you.
👉 Learn more at www.cybertzar.com
