K12 leaders are more aware of cyber threats. But they aren’t fully prepared—yet

District tech leaders say they struggle to balance access to edtech with security concerns about certain products and the behavior of users.

K12 leaders are much more alert to the risks of cyberattack but increased awareness has not yet led districts to develop stronger security procedures, a new study asserts. That means many school systems remain unprepared to prevent and respond to cyber threats, says a just-released cybersecurity study by iboss, a cloud security provider, and Project Tomorrow, a nonprofit focused on innovative instructional practices.

Here are a few key findings:

1. Districts are acutely aware of the risks

  • 85% of district technology leaders and 84% of district administrators agree that the risk of a cyberattack is higher than it has ever been.
  • Nearly half of district technology leaders say they struggle to balance access to digital educational resources with security concerns about certain products and the behavior of users.
  • Three in 10 district technology leaders and district administrators said their school system suffered a cyberattack in 2022.

2. Little preparation is happening:

  • Only half of district technology leaders have audited district cybersecurity.
  • Of the technology leaders who have audited security, just 37% said the analysis was dictated by district policy or conducted annually.

3. A lack of collaboration is partially to blame:

  • Over two-thirds of district technology leaders say cybersecurity is solely the responsibility of the IT Department.
  • Only 32% say that the district leadership team shares responsibility for cybersecurity.

Shutting down cyber-attacks

The upshot is that superintendents and their teams should seriously consider creating “a new districtwide cybersecurity ecosystem” that is centered on sustainable new policies for safeguarding student data and other sensitive digital assets. This effort will include rethinking staff roles around cybersecurity so responsibility and accountability are shared by staff outside IT departments, the report says.

More from DA: School board turmoil—4 more superintendents make quick departures

The district technology leaders surveyed said there is also an urgent need for K12 to develop best practices for cybersecurity and conduct cyber threat preparation assessments more consistently. Districts also need increased funding for cybersecurity.

Many technology leaders admitted that experiencing a cyberattack was the wake-up call their administration needed to develop more comprehensive cybersecurity strategies, which include:

  1. Continued cybersecurity education and training, including regular updates and information sessions to build a new culture of shared accountability and responsibility.
  2. Conducting risk assessments to fully alert staff to the cyber threats facing K12.
  3. Implementing small procedural changes as a pathway to a larger more systemic approach to cybersecurity.
Matt Zalaznick
Matt Zalaznick
Matt Zalaznick is a life-long journalist. Prior to writing for District Administration he worked in daily news all over the country, from the NYC suburbs to the Rocky Mountains, Silicon Valley and the U.S. Virgin Islands. He's also in a band.

Most Popular