Summary
- Great Marlow School said it would reopen fully on 12 June after disruption linked to an ICT incident.
- The school said cybersecurity specialists found no threat on its systems and that the matter had been resolved.
- The incident shows how suspected cyber events can disrupt education, exams, communications, and family routines.
Great Marlow School has reopened fully after an ICT incident caused disruption during the examination period, with the school saying cybersecurity testing found no threat on its systems.
The Buckinghamshire secondary school told parents, carers, and students that all pupils should attend as normal on Friday 12 June. Registration, lessons, Year 11 and Year 13 external examinations, and Year 10 and Year 12 mock examinations were scheduled to continue under normal arrangements.
Following investigation with cybersecurity specialists, the school said the situation had been fully resolved. Parents and carers of Year 10 and Year 12 students were also told to disregard earlier alternative arrangements, reflecting the disruption caused by the initial incident response.
The school’s latest update narrows the facts. The incident should not be framed as a confirmed malware compromise, data breach, or ransomware attack. What is confirmed is that an ICT-related disruption affected school operations, external specialists were involved, and the school later said no threat had been identified on its systems.
Even where no compromise is found, incidents of this kind carry operational consequences. Schools are time-sensitive environments. Attendance, safeguarding, exams, transport, catering, communications, and parental work arrangements can all be affected by a decision to restrict operations while systems are checked. The headteacher acknowledged significant disruption to students’ learning, family routines, and work arrangements.
The Great Marlow case sits in the practical space between cyber response and continuity management. Suspected malware can require isolation, forensic review, communications planning, and contingency arrangements before leaders know whether a threat is real. During that window, the effect on normal operations can be substantial.
The UK education sector is heavily dependent on digital administration. Timetables, email, exam information, safeguarding records, payment systems, learning platforms, and parent communications all sit inside or alongside school ICT. A suspected issue can therefore become a business-continuity problem even if the final forensic conclusion is reassuring.
Public communication is also difficult during early-stage cyber disruption. Schools need to say enough to help families plan, while avoiding unverified technical claims. Great Marlow’s later update did the essential work of separating disruption from confirmed compromise and stating the outcome of testing.
That distinction is often lost in breach-heavy coverage. A closure or partial closure is not the same as a confirmed attack, and a suspected malware incident is not the same as ransomware. Public wording affects how parents, pupils, staff, insurers, regulators, and local authorities understand the same event.
After systems return to normal, the operational review still has value. Leaders will need to understand how quickly decisions were made, whether manual processes were ready, whether exams could continue, whether contact channels worked if email was unavailable, and which systems were most important to safeguarding and continuity.
Great Marlow’s latest statement closes down the most serious interpretation of the incident. The wider education-sector issue remains: schools need cyber playbooks that work when the first operational decision is whether it is safe to open.





