AI and Cybersecurity: A guide for schools and trusts

82% of schools were hit with a serious cyber incident in the last 18 months. Phishing in education rose 224% after AI writing tools became widely available.

The attacks haven't changed shape. The same phishing emails, the same fake invoices, the same calls from 'Finance'. What's changed is how convincing they are, and how fast attackers can produce them. The spelling mistakes and odd phrasing that your staff was trained to spot? Mostly gone.

Why you should download this guide

Phishing simulations only work when they're run strategically, ethically, and with the kind of follow-through that turns a one-off 'test' into a lasting habit. Here's what's inside:

An honest look at what's changed

A plain-English breakdown of how AI tools are being used to write phishing emails, clone voices, and run social engineering at a scale that wasn't possible two years ago. No scare tactics, no jargon.

The four attack types AI is amplifying most

Phishing, ransomware, social engineering, and the new one most schools aren't ready for yet: vishing. We cover what each looks like in 2026, and the practical signals your staff should be trained to spot now.

How the same tools work for your defense

Adaptive phishing simulations, AI-assisted policy work, smarter awareness training, and benchmarking against the standards that matter for your territory. The same capabilities that make attackers faster are also making schools safer.

Practical steps to get started

A prioritised running order for the steps you can take, wherever you are in your cybersecurity journey. Start with the move that gives you the biggest risk reduction for the smallest spend, and build from there.

Putting this guide to work

A guide is only useful if it changes something. Here's how each part maps to a practical move in your school.

Spot the new generation of phishing

Old advice told staff to watch for typos and weird sender addresses. New advice teaches them to watch for unusual requests, manufactured urgency, and pressure to bypass normal processes. The guide gives you the language to bring this into your next staff briefing.

Get vishing protocols in place

A written, shared verification protocol stops most voice-cloning attacks dead. The guide gives you a starting template covering financial transactions, credential requests, and any unusual ask from someone claiming to be leadership.

Run simulations that match the real threats

Static phishing simulations don't reflect what AI-assisted attackers are actually sending. Adaptive Phishing, included in our Assisted package, adjusts difficulty based on how each staff member is doing, so training meets people where they are.

Show governors and budget holders the progress

Cyber score turns a long list of standards into a single benchmark you can track. It also gives you the numbers you need for board papers and budget conversations, instead of arguing from gut feel.

Get started for free

With our Foundations tier, you can start implementing cybersecurity as a school-wide priority through cyber score!

Alternatively, you can get started right away with the full experience with our cybersecurity packages.

Get started for free See our packages

AI and Cybersecurity

How artificial intelligence is reshaping both sides of the fight