Cyberattacks are now a daily threat for K-12 schools and the problem could get worse as educators lean further into technology use for teaching and learning, and as hackers grow more sophisticated.
An estimate from the K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks, found that there have been more than 1,330 publicly disclosed attacks since 2016, when the organization first began tracking these incidents. Hackers have targeted districts of all sizes.
Most notably, in 2022, two big districts—Los Angeles Unified and New York City—faced cybersecurity challenges. And if it the biggest districts can fall victim, anyone can, experts say. In fact, smaller districts are particularly vulnerable because they often do not have the cybersecurity resources they need to protect themselves.
Cyberattacks are costly to school districts. A recent GAO report found that, on average, districts lose three days to three weeks of instructional time after an attack and that recovery time could range from two to nine months. So districts should make sure they’re securing their networks to avoid unnecessary costs.
Education Week has extensive coverage that addresses the question of what to do when your school or district is hit with a cyberattack and what to do to prevent attacks. Here is a collection of articles and videos Education Week has published on this topic that you could use to tackle this challenge.
What you need to know about school cyberattacks

In this explainer, we lay out what educators need to know about the most common cyberattacks, such as ransomware and denial-of-service attacks, and why hackers target K-12 schools. (Spoiler alert: It’s because schools have access to so much data.)
Should districts pay a ransomware demand?

Guidance from the FBI and the Cybersecurity and Infrastructure Security Agency discourages paying the ransom because it doesn’t guarantee that the data hackers are holding ransom will be decrypted or that the systems will no longer be compromised. But despite that guidance, the question of whether or not to pay ransom does not always have a simple answer.
Two district leaders also talked to Education Week about how they responded to a ransomware attack that closed schools for two days.
Tips on curbing cyberattacks

There’s no magic formula that will completely protect districts from cyberattacks, but there are ways to reduce the risks. In this special report, K-12 technology leaders and experts offer recommendations on how to prevent these incidents, especially with the proliferation of school-issued devices, and what the top cybersecurity priorities should be for districts. This video outlines ways to prevent costly cyberattacks.
Protecting student data should be paramount

Student data privacy encompasses a broad range of considerations, from students’ own smartphones, to classroom applications discovered and embraced by teachers, to district-level data systems, to state testing programs. Experts weigh in on why schools struggle to protect student data.
You can also quiz yourself on how much you know about protecting student data.