Privacy & Security

K-12 Tech Leaders Don’t Feel Prepared for Cyberattacks

By Lauraine Langreo — May 22, 2023 5 min read
 abstract digital key with technology interface, cybersecurity, key, lock, cellphone, fingerprint, and cloud computing icons
  • Save to favorites
  • Print

Cybersecurity ranks as the No. 1 priority for K-12 technology leaders for the fifth year in a row, according to a new report from the nonprofit Consortium for School Networking.

A decade ago, cybersecurity was a low priority, ranking 13th out of 16 options, according to CoSN’s annual State of EdTech Leadership report, which surveyed more than 1,200 U.S. school district technology leaders between Jan. 10 and Feb. 28.

The findings suggest that K-12 technology leaders are still struggling to figure out how to solve cybersecurity problems, which are becoming more common and complicated. There have been 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks.

Cyberattacks can cause major disruptions to teaching and learning, and to administrative functions in a school district. The attacks can also put sensitive data about students and employees at risk. In fact, 43 percent of district technology leaders said their districts have been hit by a cyberattack that has caused some type of disruption, according to the CoSN report. In some cases, school districts have had to shut down schools for several days.

Though cyberattacks on schools are increasing, district technology leaders don’t feel adequately prepared to defend their networks. Less than a third of respondents (32 percent) said their district has sufficient cybersecurity resources to combat risks, while 46 percent said their district didn’t have sufficient resources, according to the report. And an overwhelming majority of district technology leaders (84 percent) said they are “extremely” or “very” interested in professional development related to cybersecurity.

Budget constraints are challenging

The lack of resources is tied to budget constraints, which continue to be a challenge for district technology leaders. Twelve percent of respondents said their district’s IT budget doesn’t allocate any funding for sustaining cybersecurity defense, the report found. A majority of respondents (64 percent) said their districts allocate 5 percent or less of their IT budgets for cybersecurity.

While “spending doesn’t necessarily equate to security, the lack of any budget for network security equipment or software to manage aspects like access and identity is alarming,” according to the report.

Because of inadequate funding, most districts (66 percent) do not have a full-time cybersecurity position, the report found. Thirty-four percent of districts distribute that responsibility across several jobs, 30 percent include that responsibility as part of an employee’s job, and 23 percent outsource the job.

“It would be nice to have a dedicated cybersecurity person,” said Keith Bockwoldt, the chief information officer for Hinsdale High School District 86 in Hinsdale, Ill. “But to get someone of quality, you’re going to have to pay that person [a lot] since there’s so much demand [for IT workers] right now.”

“It comes down to funds—having the money for the staffing is really what it comes down to,” said Bockwoldt, who served as treasurer for CoSN’s board of directors from April 2016 to March 2023.

To alleviate funding concerns, many in the K-12 community have been asking the Federal Communication Commission to modernize the E-rate program’s definition of “firewall”—which protects the network against unauthorized access or intrusions—so districts could use the money to upgrade their cybersecurity resources to meet current needs.

Right now, districts can only be reimbursed for “basic” protections. That means districts can’t use E-rate funds for more advanced firewalls, such as a virtual private network that creates a secure channel for data transmission and intrusion detection systems that stop network activity that violates predefined security policies.

The E-rate federal program was established in 1996 to help schools and libraries across the country with internet connectivity needs.

More training and buy-in needed

Despite the funding and staffing challenges, district technology leaders are implementing more practices to improve cybersecurity. For example, 76 percent of respondents said their district conducts IT staff training, an 11-percentage-point increase from 2022. And 61 percent of respondents require two-factor authentication for district accounts, compared to 40 percent last year.

But there’s still room for improvement. There are still districts that do not provide any cybersecurity training to their teachers (13 percent), administrators (12 percent), support staff (14 percent), and students (33 percent), which is a problem because schools can then become easy targets for cybercriminals if they don’t know how to spot scams, experts said.

“The humans are a big part of this. It’s not just the funding,” said Diane Doersch, who leads CoSN’s board of directors and is also the senior director of information technology for Digital Promise. “School districts need a structured way to provide professional learning for the IT staff and then also a structured way to get cybersecurity training to the end users.”

See Also

Illustration of Internet network data computer laptop security shield and lock symbol.
DigitalVision Vectors/Getty
Privacy & Security 3 Ways Schools Can Reduce Cybersecurity Risks
Lauraine Langreo, January 25, 2023
4 min read

The challenge is finding time to conduct those trainings, especially for educators who have a lot of other professional development they are required to do, according to district technology leaders.

“We don’t want to overwhelm staff,” said Bockwoldt. “We can’t dismiss [the training] either. We have to make sure that everybody knows what’s going on. We’ve got to figure out where we can embed it.”

Doersch, who was chief technology & information officer for a Wisconsin school district from 2016 to 2019, said one method that works is using an automated system that provides just-in-time training. Staff and students would watch videos and answer questions at their convenience but with a due date.

Both Bockwoldt and Doersch also underscored the importance of having buy-in from senior leadership to ensure that everyone sees cybersecurity as a priority.

“It’s not going away. It’s only getting worse, so we have to continue to be on our feet,” Bockwoldt said.


Jobs Virtual Career Fair for Teachers and K-12 Staff
Find teaching jobs and other jobs in K-12 education at the EdWeek Top School Jobs virtual career fair.
English-Language Learners Webinar English Learners and the Science of Reading: What Works in the Classroom
ELs & emergent bilinguals deserve the best reading instruction! The Reading League & NCEL join forces on best practices. Learn more in our webinar with both organizations.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Teaching Webinar
Challenging the Stigma: Emotions and STEM
STEM isn't just equations and logic. Join this webinar and discover how emotions fuel innovation, creativity, & problem-solving in STEM!
Content provided by Project Lead The Way

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security A Massive Data Leak Exposed School Lockdown Plans. What Districts Need to Know
More than 4 million records held by school safety software company Raptor Technologies were left inadvertently exposed online.
5 min read
Concept image of security breach, system hacked alert with red broken padlock icon showing vulnerable access.
Nicolas Herrbach/iStock/Getty
Privacy & Security As Cyberattacks Mount, Lawmakers Double Their Efforts to Protect Schools
But the legislative push is not matched by funds to build better cyber defenses.
2 min read
Conceptual illustration of computer with a pixelated lock on screen.
Nanzeeba Ibnat/iStock/Getty Images Plus
Privacy & Security 3 Superintendents Share Cybersecurity Best Practices
Cyberattacks cause major disruptions to learning, but school districts are still struggling to put in place effective protections.
3 min read
Image of a red glowing caution sign over a dark field of data.
Privacy & Security Saturn Is a New App for High Schoolers. Here’s Why It Has Educators Concerned
Saturn is billed as a time-management app, but experts see potential privacy concerns in allowing it broad access to students' schedules.
6 min read
Image of a clock, calendar, and a pencil.