Managing the safety of students is critical for the education system, whether it is through maintaining mental health to protecting students from potential cyber-attacks – often support services have been lacking.
At higher education institutions, it is vital that the right help and support is available to meet the needs of both staff and students.
Universities UK, the representative body for UK universities, has said higher education institutions need to put in place appropriate action and contingency planning to manage crises and risks associated with mental distress and illness.
Rates of anxiety and depression in young people have increased by 70% over the last two decades, according to a Royal Society for Public Health report.
Higher education institutions have a duty of care to protect the safety, health and wellbeing of their students, and this includes the provision of services to help their mental wellbeing. Failure to meet this duty of care also brings further reputational risk to the institution.
A study by the Institute for Public Policy Research (IPPR) found there has been a fivefold increase in the number of students who declare a mental health condition to their institution over the past decade, with levels of suicide by students increasing in recent years.
In the event of student suicide, Universities UK has identified several steps higher education institutions can take to best manage the crisis. These include sensitive handling of family and friends, effective communications work and appropriate liaison with authorities as well as longer-term work with students and staff. The burden on university leadership teams should not be underestimated; the representative body warns.
Institutions are taking additional steps where appropriate, to better manage the risk. At the University of Bristol, an opt-in scheme has been introduced that asks freshers to give consent for university staff to share significant concerns with their guardians. The scheme was introduced after 11 students took their own lives at the university since 2016.
Looking forward to the future, the way in which higher education institutions are able to manage these risks will be enhanced by emerging technology. A more comprehensive range of individual and personalised technological mental wellbeing support apps and tools are expected to emerge as start-ups see the opportunities on offer in this field.
An increasingly systematic approach to data sharing could feed into an early alert or warning system to detect changes in behaviour. Data flow from day one in school to university could provide data points around the individual educational journey of a student in order to identify outlier behaviour and raise a digital flag where needed.
The use of companion robots to support students’ learning, social and emotional needs is another possibility – this has already been trialled for children with an autism spectrum disorder.
As technology has become a more prominent feature in higher education, the private information of individuals has become a target for cyber attacks. In 2018 it was reported that university research projects had been targeted more than 1,000 times by cybercriminals. A lack of suitable provisions will leave students and staff vulnerable.
The Higher Education Policy Institute (Hepi) recently published a report in conjunction with Jisc, investigating the effectiveness of ethical hackers against IT security in more than 50 universities in the UK. The hackers had a 100% success rate in getting through institutional cyber-defences. Furthermore, the ethical hackers were able to reach personal information of staff and students as well as override financial systems within two hours.
The most effective hacking approach was “phishing” where hackers duplicate an email from a trusted source requesting sensitive information, such as banking details. The victim can willingly provide passwords or payment information that the hackers.
John Chapman, head of Jisc’s security operations centre, said, “we are not confident that all UK universities are equipped with adequate cyber-security knowledge.” Cyber resilience should not be contained within the IT department. The issue requires an organisation-wide shift which assesses all aspects of security from regulation to communication and employee education.
Technology, in its nature, is continually evolving, as is the threat from cybercriminals. If universities make cybersecurity a priority now, they will be well placed to protect the open-access culture that thrives within the UK higher education system.
It is crucial that those in higher education continually assess and improve their security capability and for higher education leaders to take the lead in managing cyber risk to protect students, staff and valuable research data from the growing threat of attack.
Evolution of mental health and cybersecurity systems within higher education is uncertain but using technology to enable a pathway of more effective risk management will be a step in the right direction. The creation of a safe and secure digital environment for institutions will open more channels of communication for students, parents and university staff.
Published date: 26th March 2019
This article and related document links do not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Risk Management Partners cannot be held liable for any errors, omissions or inaccuracies contained within the article and related document links.
Readers should not act upon (or refrain from acting upon) information in this article and related document links without first taking further specialist or professional advice.
Risk Management Partners Limited is authorised and regulated by the Financial Conduct Authority.
Registered office: The Walbrook Building, 25 Walbrook, London EC4N 8AW.
Registered in England and Wales. Company no. 2989025
Risk Management Partners Limited is the data controller of any personal information you provide to us or personal information that has been provided to us by a third party. We collect and process information about you in order to arrange insurance policies and to process claims. Your information is also used for business purposes such as fraud prevention and detection and financial management. This may involve sharing your information with third parties such as insurers, reinsurers, other brokers, claims handlers, loss adjusters, credit reference agencies, service providers, professional advisors, our regulators, police and government agencies or fraud prevention agencies.
We may record telephone calls to help us monitor and improve the service we provide. For further information on how your information is used and your rights in relation to your information please see our privacy notice at https://rmpartners.co.uk/privacy-policy. If you are providing personal data of another individual to us, you must tell them you are providing their information to us and show them a copy of this notice.