Cybersecurity is a top state education technology priority, but there’s not enough funding for it, according to a survey of educational technology and digital learning leaders from state education agencies across the U.S.
The inaugural report from the State Educational Technology Directors Association (SETDA) examines how state education agencies and policymakers are adapting to a digital world. It draws on the results of the organzation’s annual State EdTech Trends Survey of ed-tech directors, state superintendents, chiefs of staff, and other senior state officials.
As schools increasingly turn to technology, the risk of cyberattacks has also grown. And it doesn’t help that cyber criminals are getting more sophisticated. State and federal lawmakers are taking notice, but based on SETDA’s survey results, there’s more to be done.
Cybersecurity is “getting a lot of attention because you could take down a whole school, and when you take down a school, you affect the community,” said SETDA Executive Director Julia Fallon. “We’ve learned from the pandemic that you do not want to have schools closed. It impacts the community in negative ways.”
After equitable internet access, cybersecurity was chosen as one of state ed-tech leaders’ top concerns, according to the survey. Seventy percent of SETDA survey respondents said that their state education agency or at least one district in their state was the victim of a cyberattack in 2021.
Since the 2022-23 school year began, a handful of school districts have been hit with cybersecurity attacks. Most recently, the nation’s second-largest school district, Los Angeles Unified, was targeted by cybercriminals over the Labor Day weekend.
Even though cybersecurity is a top priority for state edtech leaders, it is one of the top three unmet technology needs, the survey found. Only 8 percent of respondents said their state provides “ample” funding to cybersecurity risk mitigation efforts; 40 percent said their state allocates “very little” funding.
A small majority of respondents (54 percent) did say their state has existing initiatives or efforts related to cybersecurity. But only 24 percent of respondents said their state provides cybersecurity tools or resources.
Keith Krueger, CEO of the nonprofit Consortium for School Networking (CoSN), said that the SETDA survey “amplifies what we’ve certainly been hearing from school districts.”
“The attack on LA Unified indicates that state departments of education and policymakers at the state and federal level have simply not provided the resources that school districts need.”
Krueger and CoSN have been advocating for the expansion of the Federal Communications Commission’s E-Rate program, which helps schools with internet connectivity needs, to include cybersecurity protections.
Here are other notable findings from the SETDA survey:
- Student data privacy: 71 percent of respondents said they have a state policy on student data privacy; 49 percent said they ensure local education agencies are using best practices for ensuring privacy of data; 55 percent said they safeguard the data collected at the state education agency and assume LEAs are doing the same; and 6 percent said they do the minimum when it comes to privacy.
- Effectiveness of ed-tech tools: 57 percent of respondents agreed with the statement that “we have a lot of ed-tech programs and products, but we don’t always use them effectively.” Only 4 percent of respondents said their state collects ample data on frequency of use and effectiveness of ed-tech tools; 47 percent said their state doesn’t collect data on use or effectiveness.
- Artificial intelligence: None of the respondents said that their state has a current written policy related to the use of AI in the classroom. Fifty-six percent of respondents said they have no official policy or opinion about AI because they haven’t thought about it yet, and 38 percent said they leave it up to local education agencies. Only 6 percent said their state has a “thoughtful approach” about incorporating products with AI in education.