What happened
Great Marlow School in Buckinghamshire, England, sent the majority of its students home for the second day in a row after a cyberattack affected its ICT systems.
The school, which has 1,428 pupils according to the Department for Education, said it would remain closed while it worked with specialist IT and cybersecurity professionals to resolve the issue.
Only students sitting GCSE and A-Level external examinations were allowed to attend. All other year groups were advised to stay at home.
Headteacher Guy Pendlebury said the school was responding to the incident in line with guidance from the Department for Education and the National Cyber Security Centre. He also said the safety and well-being of students, staff, and the wider school community remained the school’s highest priority.
The nature of the incident affecting Great Marlow School has not been confirmed.
The incident comes amid broader concern about cyberattacks affecting schools. Data from the UK’s Information Commissioner’s Office recorded 1,959 cyber incidents affecting the education and childcare sector between 2019 and 2025. The highest single year in that dataset was 2023, when 354 incidents were recorded.
The latest figures for school attacks cover 2025, when 259 incidents were reported to the ICO. Both the ICO and the National Cyber Security Centre have expressed concern that ransomware victims are increasingly keeping incidents secret.
Who is affected
Great Marlow School students, staff, parents, and the wider school community are directly affected by the incident.
Most students were sent home, while those sitting GCSE and A-Level external examinations were permitted to attend. The closure disrupted normal school operations while the school worked with external IT and cybersecurity professionals.
The broader education sector is also affected by the trend. Schools, colleges, and education providers continue to face cyber incidents that can disrupt learning, affect exams, and create pressure on already stretched administrative and IT teams.
Why CISOs should care
This incident shows how cyberattacks can cause immediate operational disruption in education environments. Even without confirmed details about ransomware, data theft, or the attack method, the impact was serious enough for the school to send most students home and limit attendance to exam candidates.
For CISOs, the case reinforces the importance of business continuity planning for schools and other organizations with daily operational obligations. A cyber incident affecting ICT systems can quickly become an attendance, safeguarding, communications, and continuity issue, not just an IT problem.
The broader reporting data also matters. The education and childcare sector recorded 1,959 cyber incidents between 2019 and 2025, with 259 incidents reported in 2025. Security leaders supporting education environments need incident response plans that account for limited staffing, public communication, student safety, exams, and regulatory reporting.
3 practical actions
- Prepare continuity plans for ICT outages during school operations: Great Marlow School sent most students home while allowing exam candidates to attend. Education organizations should define which services must continue during an ICT outage, how attendance decisions will be made, and how exams or critical activities will be protected.
- Coordinate incident response with education and cyber authorities: The school said it was responding in line with Department for Education and National Cyber Security Centre guidance. CISOs should ensure school incident response plans include escalation paths to relevant government, education, cyber, and data protection authorities.
- Build communication plans for parents, staff, and students: The incident required the school to tell most students to stay home while keeping exam candidates informed separately. Schools should prepare communication templates and channels for closures, partial attendance, exam exceptions, and updates during cyber incidents.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.