Almost a quarter of UK nurseries (23.4%) have suffered a data breach in the last 12 months, according to respondents of a new survey by Connect Childcare and dot2dot Nursery Insurance.

The admission comes despite overall good and improving practice in cyber security across the early years sector, with 70% of respondents reporting that they were confident or very confident in staff training and knowledge of data security.

A total of 137 nursery managers and owners across the UK filled in a detailed, anonymous survey revealing their worries about keeping children and families’ sensitive data safe. 

Key findings

• 25.5% of respondents felt they did not have an effective Data Breach Management Plan and process in place
• 45.3% of key personnel continued to log accidents on paper, for example in an accident book, which could be vulnerable to loss or destruction
• More than half (53.3%) stated default passwords were in use for systems and devices handling CRM, online payments, parent interface, accounts, HR, anti-virus, data back-up, and children’s milestones.

Other, more encouraging, findings revealed over three quarters of nurseries (76.9%) have a dedicated staff member who is responsible for IT policies and data security. 

77.4% said their workplace had a Business Continuity Plan, although 17% of respondents said this document did not cover cyber incidents or data breach losses.

Chris Reid, chief executive and founder of Connect Childcare, the sector’s leading nursery management software provider, said: ”Cyber security is clearly a significant worry for many nursery owners and managers. 

“Several reported the threat of ransomware attacks, falling prey to scam emails and theft of data kept them awake at night.”

Unwittingly breaching data regulations, staff knowing what to do if that were to happen, and the stress of handling such matters in house, are also major concerns. The potential for human error — or even a ‘mole’ inside a workplace — were among the possibilities highlighted.

Jackie Hyde, managing director of nursery insurance specialist dot2dot said: “Though there is clearly a lot of good practice, and procedures are improving, there is definitely room to do better, and protect data more effectively. According to a leading UK cyber insurer, fewer than 10% of UK companies purchased cyber cover last year and many are not aware of the significant risk cyber poses to their business.”

Findings underline the importance of staff training in Data Security and Compliance, and indeed the benefits of using an integrated nursery management software.

This was clearly recognised by 80.3% of respondents who reported using nursery management software to help protect data — leaving 19.7% who cope with this responsibility inhouse.