School Cyber Risk Assessment: How Does Your School Measure Up Against DfE Standards?
Use our free interactive assessment to see how your school or trust measures up against the DfE Cyber Security Standards and NCSC guidance. 18 questions across six categories — access control, devices, data protection, backup, email security, and staff awareness. Get an instant score and a clear picture of where your school's gaps are. The assessment takes around five minutes and requires no technical knowledge to complete.
The DfE Cyber Security Standards (January 2023) require governors to ensure schools meet defined requirements across five domains. This tool shows where your school stands.
What the Assessment Covers
The School Cyber Risk Assessment covers six core areas directly mapped to the DfE Cyber Security Standards and NCSC guidance:
- Access Control: MFA deployment, account separation, and leavers process
- Devices and Endpoints: device inventory, patching, and endpoint protection
- Data Protection and GDPR: ROPA, breach procedures, and DPO appointment
- Backup and Recovery: offsite backup, restore testing, and MIS backup
- Email and Web Security: email filtering, DMARC, and web filtering
- Staff Awareness: phishing training, policies, and incident reporting culture
How to Use Your Results
Your assessment score gives you a clear starting point for planning your cybersecurity improvements. Score bands help prioritise: - **85-100% Strong**: your school has solid foundations — focus on documentation quality and evidence for DfE and governor reporting - **65-84% Developing**: you have some controls in place — identify and close the specific gaps the assessment highlights - **40-64% Significant Gaps**: structured remediation is needed — prioritise MFA, backups, and email security as immediate actions - **0-39% Critical Risk**: your school is at serious risk of a preventable cyberattack — seek immediate support Enter your email to receive a copy of your results with recommended next steps for your specific gap areas.
Why This Assessment Matters
The DfE Cyber Security Standards (January 2023) make governors personally accountable for ensuring their school meets defined cybersecurity requirements. Ransomware attacks have taken Harris Federation's 50 schools offline for weeks and contributed to Lincoln College's permanent closure. Most schools that suffer serious attacks did not know their gaps existed until it was too late. This assessment takes five minutes and can identify the critical gaps before an attacker does. It is the first step in a DfE standards compliance programme, not the last.
After the Assessment: Getting Help
Kyanite Blue works with schools, multi-academy trusts, and further education colleges to close the gaps the assessment identifies — through tools including Coro (endpoint protection, email security, identity management), Hadrian (attack surface monitoring), and Panorays (EdTech vendor risk). Our Collective IP managed service provides ongoing security monitoring without requiring in-house security expertise. Book a free call with our education security team to discuss your results and the practical steps your school can take within your budget.
Frequently Asked Questions
Is this assessment the same as the NCSC Schools Cyber Health Check?
No — this is a Kyanite Blue tool designed to provide a quick, accessible starting point for UK schools. The NCSC Schools Cyber Health Check is the official NCSC assessment and is also free. We recommend using both: our tool for an immediate picture of your posture, and the NCSC tool for a more comprehensive official assessment that you can share with governors and in DfE reporting.
Who should complete the school cyber risk assessment?
The assessment is designed to be completed by the headteacher, business manager, IT lead, or designated safeguarding lead — anyone with oversight of the school's IT and data protection arrangements. You do not need to be technical to answer the questions. For some questions (particularly around backup and email security configuration), you may need to check with your IT provider.
Does the assessment store our answers?
If you provide your email address at the end of the assessment, your results and answers are submitted to Kyanite Blue so we can send you a copy of your report and follow up with tailored recommendations. If you do not provide an email, your answers are not stored beyond the session. We do not share your assessment data with third parties.
Book a call to discuss your assessment results
Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
Get in touchReady to secure your iGaming operation?
MGA-licensed operators across Malta trust Kyanite Blue.