Privacy & Security

As Cyberattacks Mount, Lawmakers Double Their Efforts to Protect Schools

By Alyson Klein — January 22, 2024 2 min read
Conceptual illustration of computer with a pixelated lock on screen.
  • Save to favorites
  • Print

State lawmakers and governors across the country are seeking to combat the spike in sophisticated cyberattacks on schools, enacting nearly twice as many new cybersecurity laws with implications for education last year as they did the year before, concludes a new report from the Consortium for School Networking.

Many of the new laws aim to ensure that K-12 officials are addressing cybersecurity, or seek to connect districts with greater technical expertise, found CoSN, a membership organization for district education technology officials. But only a handful provide new money to help schools meet their cybersecurity needs.

“I think the good news is the policymakers are waking up [to the fact] that this is an endemic problem for school districts,” said Keith Krueger, CoSN’s executive director. “But there just hasn’t been a big investment yet, in terms of cybersecurity.”

Schools’ cybersecurity needs are bigger than ever, Krueger said. He pointed to a recent report from S&P Global, a credit rating agency, that called K-12 schools in the United States a “playground for cybercriminals.” To make matters worse, only about a third of districts have a full-time staff member dedicated to cybersecurity, CoSN reported in its annual survey.

Governors in 33 states signed 75 cybersecurity laws that have education implications last year. That’s more than twice as many as in 2022, when states enacted 37 such laws. What’s more, legislators in 42 states introduced 307 cybersecurity bills that at least touched on education last year. That’s more than three times as many cybersecurity bills with a K-12 twist as in 2020, when 87 such bills were introduced.

Many of the new laws call for K-12 officials to step up or continue their focus on cybersecurity. For instance:

  • Arkansas called for annual reviews and updates to schools’ cybersecurity policies.
  • California now requires its Cybersecurity Integration Center, which helps prevent and handle cyberattacks, to coordinate and provide information to school districts.
  • Illinois established a task force charged with developing model policies for schools for addressing the role of artificial intelligence in education, including its cybersecurity implications.
  • Maryland called for virtual schools to provide cybersecurity policy information to parents.
  • New Mexico now requires educational technology plans that describe cybersecurity protections to be shared with the state education department.

To be sure, some states did approve new money for K-12 cybersecurity. Texas, for instance, provided more than $54 million in such funding and called on the state education agency to establish standards for electronic devices and software in school districts. And Minnesota allocated $24 million in grants to help public and charter schools improve both building and cyber security.

There’s also a push at the federal level to secure cybersecurity funding for K-12, including through a $200 million, three-year-pilot program proposed by Jessica Rosenworcel, the chair of the Federal Communications Commission.

That pilot will help, though the $200 million is relatively small compared to the scope of the problem, Krueger said.

When it comes to K-12 cybersecurity, “we got to think bigger,” Krueger said. “We got to think stronger. We got to move faster.”

Related Tags:


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Student Well-Being Webinar
Attend to the Whole Child: Non-Academic Factors within MTSS
Learn strategies for proactively identifying and addressing non-academic barriers to student success within an MTSS framework.
Content provided by Renaissance
Classroom Technology K-12 Essentials Forum How to Teach Digital & Media Literacy in the Age of AI
Join this free event to dig into crucial questions about how to help students build a foundation of digital literacy.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For Schools And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by FlexPoint Education Cloud
Privacy & Security What Schools Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
Privacy & Security A New Federal Taskforce Targets Cybersecurity in Schools
The “government coordinating council" aims to provide training, policies, and best practices.
3 min read
Illustration of computer and lock.
iStock / Getty Images Plus
Privacy & Security Q&A Why One Tech Leader Prioritizes Explaining Student Data Privacy to Teachers
Jun Kim, the director of technology for an Oklahoma school district, helped build a statewide database of vetted learning platforms.
3 min read
Jun Kim, Director of Technology for Moore Public Schools, poses for a portrait outside the Center for Technology on Dec. 13, 2023 in Moore, Okla.
Jun Kim, is the director of technology for the Moore school district in Moore, Okla., He has made securing student data a priority for the district and the state.
Brett Deering for Education Week