Translating awareness of cyberattacks and prevention practices into actual support on the district level and in schools remains difficult.

Schools are at a greater risk for cyberattacks than ever before

Translating the awareness of cyber threats and need for cybersecurity practices into actual support on the district level continues to be difficult

Key points:

  • A lack of collaboration in schools is increasing cybersecurity risks
  • Most district leaders and administrators agree K-12 schools face higher risks for cyberattacks than ever before
  • See related article: The essential guide to 2FA for schools

Cyber threats against K-12 school districts are on the rise, yet only minimal steps are being taken at the local level to safeguard district technology assets and student information, according to a new research report from Project Tomorrow and iboss, a Zero Trust Edge cloud security provider.

The report, Why A Different Cybersecurity Ecosystem Is Needed Today, details findings from K-12 district, technology, and communications leaders on the cybersecurity challenges they’re facing today.

The report serves as a call to districts to implement a cross-organizational strategy and a new cybersecurity ecosystem to combat the present and future threats to the security of their district technology assets—and, crucially, their students. Additionally, the report encourages districts to incorporate cybersecurity best practices into sustainable new policies and procedures in order to adequately protect district digital assets, including student and staff personal data.

The findings should alarm school district leaders and parents, as cybersecurity incidents in schools can put student information at risk of being stolen, cripple emergency communications systems, and potentially shut down schools entirely.

This year saw high profile incidents that impacted Baltimore, Minneapolis and Des Moine school districts among others. The data concludes that:

  • Districts are acutely aware of the risks: 85 percent of district technology leaders and 84 percent of district administrators now agree that our nation’s K-12 schools are a higher risk now for a cyber attack than ever before. And, according to nearly half of district technology leaders (45 percent), balancing the access to online or digital educational resources with their security concerns about certain products or usage behaviors is a significant challenge.
  • Little preparation is happening: Only half of district technology leaders report that they have conducted a security audit within their district to identify risks and assess preparation levels for a cyberattack. Additionally, only 37 percent of technology leaders who said they conducted a security audit say they are dictated by district policy and conducted annually.
  • A lack of collaboration is partially to blame: Over two-thirds of district technology leaders (67 percent) say that ownership of cybersecurity within their district rests wholly with the IT Department. Only 32 percent say that cybersecurity is a shared responsibility across the district leadership team with collective accountability.
  • Best practices may be the answer: According to nearly half (49 percent) of district technology leaders, what is needed most urgently today is education on best practices for K-12 cybersecurity. Other consensus calls for cyber threat preparation assessments (42 percent), buy-in from district leadership (42 percent), and increased funding for cybersecurity (39 percent).

Translating the awareness of cyber threats into actual support on the district level continues to be difficult. However, the district leaders surveyed contributed potential solutions to combat apathy, including continued education about the reality of cyber risks, full and regular risk assessments, and implementing small procedural changes to obtain buy-in and demonstrate successful results.

“With cyber attacks it’s not a matter of if, but when,” said [DISTRICT TECHNOLOGY LEADER] “It will happen, but the severity and extent of the attack, response, and remediation will show how well-prepared the district is. With our district response plans, everyone is involved and informed. I believe being upfront and honest in the event of an attack should be the general disposition of every district”.

“I’ve worked in both the tech and non-profit education sectors and found that enterprises have much greater awareness of cyber risk and are more willing to take action than schools,” said Dr. Julie A. Evans, CEO of Project Tomorrow. “This might be because historically, technology departments at schools have had little interaction with other departments. That has to change. IT teams must work cooperatively with administration and other departments to share their knowledge to prevent further breaches and attacks.”

Key tips to help educators thwart cyberattacks
Are ransomware attacks the new snow days?

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Laura Ascione

Want to share a great resource? Let us know at

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.