Why Aren’t We Teaching Cybersecurity in Schools – And What’s the Impact?

Our lives revolve around technology, from social media to online banking, we’re more connected than ever. However, while young people are growing up as digital natives, there’s one area where education is falling behind – cybersecurity. Shockingly, many schools in the UK and across Europe still don’t include proper cybersecurity lessons in their curriculum. But why is this the case, and what impact is it having?

The Gap in Education

Despite cyber crime being one of the fastest-growing criminal activities worldwide, cybersecurity education is not a priority in many schools. According to a report by the UK Government, less than 35% of schools offer dedicated lessons on cybersecurity. Instead, basic IT classes focus on word processing, internet research, and using software – all important, but far from the skills needed to protect oneself online.

This gap is particularly concerning given that young people spend more time online than ever before. In the UK, the average 12-15-year-old spends over 20 hours a week online, yet many are unaware of how to protect themselves or their data. Without proper education, they are at risk of falling victim to cyber attacks, scams, and even getting involved in illegal activities like hacking.

The Consequences of Poor Cybersecurity Education

The lack of cybersecurity education is having a noticeable impact, and it’s not just about individual safety. The repercussions are being felt at a societal level.

1. Young People Are Vulnerable to Cyber Threats With more personal information being shared online through social media, apps, and digital services, young people are prime targets for cyber criminals. Many fall victim to identity theft, phishing scams, or data breaches, often because they don’t know how to spot the warning signs. A survey by UK cybersecurity firm Cyber Aware found that 52% of teenagers in the UK don’t know how to protect their personal information online.
2. Fueling Youth Cyber Crime As discussed in our previous blog, the average age of a cyber criminal in the UK is just 17. Without education around responsible internet use and cybersecurity ethics, young people are more likely to experiment with hacking, either out of curiosity or for financial gain. Schools are missing a crucial opportunity to teach young people how to use their tech skills legally and responsibly. 70% of youth hackers said they didn’t know the legal consequences of cyber crime before committing it, according to the National Crime Agency (NCA).
3. A Widening Skills Gap in Cybersecurity While the digital landscape is evolving, the workforce isn’t keeping up. Across Europe, there’s a growing skills gap in cybersecurity. The European Union Agency for Cybersecurity (ENISA) estimates that by 2025, Europe could face a shortage of 160,000 cybersecurity professionals. With cyber threats on the rise, companies are struggling to find skilled workers to protect their systems. Schools aren’t preparing students for these critical roles, leaving a massive talent gap in the industry.
4. Limited Digital Literacy Beyond cyber crime, digital literacy plays a huge role in how we engage with technology. Without proper training, young people aren’t equipped to critically assess information online, avoid misinformation, or secure their own data. In an age where digital skills are essential for both personal and professional life, this is a major disadvantage.

Why Aren’t We Teaching Cybersecurity?

So, why aren’t schools addressing this urgent need for cybersecurity education? There are a few key reasons:

1. Outdated Curriculums Many schools are working with outdated IT curriculums that haven’t caught up with the rapid developments in technology. Cybersecurity is seen as a specialist topic, despite its relevance to everyday life, and is often left out of general IT lessons.
2. Lack of Teacher Training Many teachers feel unprepared to teach cybersecurity because they haven’t received adequate training themselves. A study by the British Computing Society found that 60% of teachers in the UK felt underqualified to teach advanced IT topics, including cybersecurity.
3. Limited Resources Budget constraints and a lack of resources mean many schools struggle to incorporate new subjects into their already packed curriculums. Cybersecurity education, despite its importance, often takes a backseat to more traditional subjects.

?

What Needs to Change?

To close this gap, we need to rethink how cybersecurity is taught in schools. Here are a few ways to address the issue:

1. Make Cybersecurity a Core Subject Cybersecurity should be integrated into the national curriculum as part of digital literacy. Basic concepts like online safety, protecting personal data, and understanding cyber threats should be taught from a young age, gradually building up to more advanced topics as students get older. Countries like Estonia are already leading the way, incorporating cybersecurity education into their national curriculum.
2. Train Teachers Teachers need the tools and training to feel confident in delivering lessons on cybersecurity. Governments should invest in teacher training programmes that focus on modern technology skills, including cybersecurity. By equipping educators with the knowledge they need, we can ensure that students receive up-to-date and practical lessons.
3. Partnerships with Industry Schools should partner with the tech industry to provide students with real-world insights into cybersecurity. Initiatives like the CyberFirst programme in the UK are helping young people explore careers in cybersecurity through competitions, work placements, and educational resources.
4. Raise Awareness for Parents In addition to schools, parents play a key role in teaching their children about cybersecurity. Schools should provide parents with resources and guidance to help reinforce these lessons at home.

?

Final Thoughts

As technology becomes more central to our lives, the lack of cybersecurity education in schools is leaving young people vulnerable to both online threats and the temptation to commit cyber crime. By not addressing this issue, we’re not only putting students at risk but also missing an opportunity to prepare them for one of the most in-demand career fields.

It’s time to rethink how we approach cybersecurity in education – because it’s not just about teaching IT; it’s about protecting the next generation.