As cybersecurity threats ramp up in complexity and frequency, these five states are addressing these challenges through targeted legislation.
Arkansas, Massachusetts, Oregon, Pennsylvania and Texas have introduced a collective 18 K12-focused bills that directly support school districts, public elementary and secondary schools, education services agencies and other K12 institutions, according to a new report from the Consortium for School Networking.
However, out of the 18 bills that were introduced in the states highlighted in this report, only seven were enacted in two states: Arkansas and Texas. These bills include:
Arkansas
- HB1666: Amends existing law relating to the state’s cyber response program, which includes school districts as participating entities.
- HB1821: Requires the State Insurance Department to offer cybersecurity insurance for public schools and allows the department to mandate reporting requirements for districts.
- HB1959: Requires the creation of policies concerning the authorized use of AI.
- SB25: Appropriates funding for the Arkansas Self-Funded Cyber Response Program to assist school districts after cyberattacks.
- SB481: Companion to HB1821, also provides cybersecurity insurance coverage requirements for K12 schools.
Texas
HB150/SB2176: Establishes the Texas Cyber Command in place of the Department of Information Resources; Requires school districts to establish cybersecurity policies that don’t conflict with information security standards for higher education adopted by the Texas Cyber Command.
HB500: Provides funding to the School for the Deaf for information technology and cybersecurity initiatives.
These themes were common even in the legislation that was not enacted. For instance, states like Arkansas, Massachusetts and Texas introduced bills that prioritize AI and privacy-cyber integration. CoSN CEO Keith Krueger applauds state leaders who are stepping up amid dwindling federal aid.
“As this report shows, while federal support is shrinking, several states are advancing innovative, bipartisan legislation to help safeguard student data, improve incident response, expand insurance access and build the cybersecurity workforce we urgently need,” Krueger wrote in the report.
A national trend
Over the summer, a handful of school districts faced cyber disruptions ahead of the school year. Arkansas’ Fort Smith Public School District in July sought help from a third-party firm to restore its phone and internet systems after a cyber attack, according to Talk Business & Politics.
The Lexington-Richland School District 5 in South Carolina last month denied demands from foreign hackers to pay a ransom following a cyberattack that disabled the district’s computer systems and compromised some students’ data, The State reports.
To understand the severity of cyberattacks impacting the education sector, Check Point Software Technologies, a cybersecurity solutions provider, recently published research revealing the number of cyberattacks against prominent business sectors globally. Consistent with previous trends, the education sector saw the highest average number of weekly cyberattacks between January and July 2025.
According to the research, this represents a 41% overall increase year-over-year, with an average of 4,356 weekly attacks per organization worldwide.
“These numbers reinforce that the education sector is now a prime focus for cyber criminals, with attacks intensifying during key seasonal milestones like the back-to-school period,” the researchers wrote.
District Administration recently interviewed James Turgal, vice president of global cyber risk and board relations at Optiv, where he identified the cybersecurity threats that will shape the 2025-26 school year. Read that story here.
