Fraud in schools is no longer a rare event. It is an operating reality
By Daryll Holland | Head of Technology and Information Security, Alii
Schools run on trust. Trust between staff and leadership, between schools and families, and between finance teams and suppliers, as well as trust that the systems sitting behind everyday work will keep doing what they are supposed to do.
That trust matters because it is part of what makes schools work, but it is also part of what makes fraud and security risk in schools easy to underestimate.
Alii’s recent survey of 553 school leaders across Australia, New Zealand, the UK and the US found that 75.4% of schools had experienced confirmed or suspected fraud attempts, 43.8% had detected and stopped fraud activity, and 9.0% had experienced financial or data loss.
Those numbers should change the conversation.
Fraud in schools is not a rare event or a niche problem that sits off to the side with IT. It is part of the operating environment, and it shows up in approvals, supplier changes, invoice processing, payroll, access, reporting and recovery readiness. In other words, it shows up in the ordinary work that keeps a school moving.
That is the most important point in the report. It is not simply that risk exists, because most leaders already know that. It is that the risk is persistent, practical and much closer to the workflows schools rely on every day than many people would like to think.
Why schools are especially exposed
Schools are not shaped like corporations. They are shaped like communities, and that brings with it a very different operating profile.
They are open by design, they deal with many stakeholders, and they work around tight cycles and constant interruption. Trust and responsiveness are part of the culture for good reason, so staff are used to helping quickly, responding to urgency and assuming good intent.
At the same time, the operating environment has become more complex, with more systems, more suppliers, more credentials, more approvals, more volume, more handoffs and more pressure.
That does not mean schools are weak. It means the risk profile is different.
A busy school finance or operations team can be doing excellent work and still be exposed if the control environment depends too heavily on memory, inboxes, individual vigilance or unwritten workarounds. That is why the report keeps returning to the same idea: this is not just an IT story, it is a governance story and an operational consistency story.
The threat is not hypothetical
One of the more reassuring numbers in the survey is that 43.8% of respondents said they had detected and stopped fraud activity, which tells us many schools are catching problems before loss occurs. Staff are noticing red flags, and existing controls are doing some of their job. That matters.
But it is only half the story.
9.0% of respondents said they had experienced financial or data loss, while 11.4% said they had paid a fraudulent invoice. This is where the issue stops being a near miss and becomes a live operational consequence.
The loss itself is not always only financial. It can mean student or staff data exposure, incident response costs, recovery time, leadership distraction and reputational damage. Once you view it that way, fraud and security risk stops looking like a specialist problem and starts looking like a leadership problem.
Where leaders already see pressure building
The survey also shows that awareness is already high, and leaders are not treating this as hype.
97.5% identified phishing and impersonation scams as a major risk heading into 2026, 96.2% called out invoice or supplier fraud, 95.3% cited AI-generated impersonation attempts, and 93% pointed to ransomware and extortion attacks.
That matters because it tells us the sector does not need more vague awareness. What it needs is better translation from awareness into repeatable controls.
In practice, many schools already know what they are worried about. The challenge is making sure the control environment holds up during the busiest parts of the term, during staff absences, when there is pressure to move quickly, or when work is spread across too many systems and inboxes.
What school leaders should take from this
The response should not be alarmist. It should be operational.
If fraud is part of the operating environment, then it should be managed like any other ongoing operational risk. That means leadership visibility, named ownership, clear reporting, practical verification steps and controls that happen every time rather than only when someone remembers.
This is especially important in schools because awareness alone is not enough. A school can have smart, conscientious people and still be exposed if the workflow depends on perfect behaviour under pressure.
That is why stronger controls tend to look unremarkable from the outside. A callback for bank detail changes, clear approval pathways, better visibility into where work is sitting, a named owner for risk coordination, and a recovery plan that has actually been tested are not dramatic moves. They are disciplined ones.
Why this matters for Alii readers
For Alii, the value of this survey is that it gives the sector a clearer language for talking about what many teams are already experiencing. The lesson is not that schools need to become less trusting. It is that trust needs to be supported by stronger operating discipline.
That is where workflow design matters.
When approval pathways are visible, supplier changes are controlled, invoice exceptions are surfaced clearly and audit trails are easy to follow, the organisation becomes less dependent on heroic effort. That is good for fraud prevention, and it is also good for continuity, accountability and confidence.
Fraud in schools is no longer a rare event. It is an operating reality, and the good news is that operational risks can be managed. But that only happens when we treat them as part of the day-to-day system, not as isolated incidents that happen to someone else.
Next steps
Continue the conversation with the resources and next steps below.
.svg)
