Privacy & Security

K-12 Tech Leaders Don’t Feel Prepared for Cyberattacks

By Lauraine Langreo — May 22, 2023 5 min read
 abstract digital key with technology interface, cybersecurity, key, lock, cellphone, fingerprint, and cloud computing icons
  • Save to favorites
  • Print

Cybersecurity ranks as the No. 1 priority for K-12 technology leaders for the fifth year in a row, according to a new report from the nonprofit Consortium for School Networking.

A decade ago, cybersecurity was a low priority, ranking 13th out of 16 options, according to CoSN’s annual State of EdTech Leadership report, which surveyed more than 1,200 U.S. school district technology leaders between Jan. 10 and Feb. 28.

The findings suggest that K-12 technology leaders are still struggling to figure out how to solve cybersecurity problems, which are becoming more common and complicated. There have been 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping schools prevent cyberattacks.

Cyberattacks can cause major disruptions toteaching and learning, and to administrative functions in a school district. The attacks can also put sensitive data about students and employees at risk. In fact, 43 percent of district technology leaders said their districts have been hit by a cyberattack that has caused some type of disruption, according to the CoSN report. In some cases, school districts have had to shut down schools for several days.

Though cyberattacks on schools are increasing, district technology leaders don’t feel adequately prepared to defend their networks. Less than a third of respondents (32 percent) said their district has sufficient cybersecurity resources to combat risks, while 46 percent said their district didn’t have sufficient resources, according to the report. And an overwhelming majority of district technology leaders (84 percent) said they are “extremely” or “very” interested in professional development related to cybersecurity.

Budget constraints are challenging

The lack of resources is tied to budget constraints, which continue to be a challenge for district technology leaders. Twelve percent of respondents said their district’s IT budget doesn’t allocate any funding for sustaining cybersecurity defense, the report found. A majority of respondents (64 percent) said their districts allocate 5 percent or less of their IT budgets for cybersecurity.

While “spending doesn’t necessarily equate to security, the lack of any budget for network security equipment or software to manage aspects like access and identity is alarming,” according to the report.

Because of inadequate funding, most districts (66 percent) do not have a full-time cybersecurity position, the report found. Thirty-four percent of districts distribute that responsibility across several jobs, 30 percent include that responsibility as part of an employee’s job, and 23 percent outsource the job.

“It would be nice to have a dedicated cybersecurity person,” said Keith Bockwoldt, the chief information officer for Hinsdale High School District 86 in Hinsdale, Ill. “But to get someone of quality, you’re going to have to pay that person [a lot] since there’s so much demand [for IT workers] right now.”

“It comes down to funds—having the money for the staffing is really what it comes down to,” said Bockwoldt, who served as treasurer for CoSN’s board of directors from April 2016 to March 2023.

To alleviate funding concerns, many in the K-12 community have been asking the Federal Communication Commission to modernize the E-rate program’s definition of “firewall”—which protects the network against unauthorized access or intrusions—so districts could use the money to upgrade their cybersecurity resources to meet current needs.

Right now, districts can only be reimbursed for “basic” protections. That means districts can’t use E-rate funds for more advanced firewalls, such as a virtual private network that creates a secure channel for data transmission and intrusion detection systems that stop network activity that violates predefined security policies.

The E-rate federal program was established in 1996 to help schools and libraries across the country with internet connectivity needs.

More training and buy-in needed

Despite the funding and staffing challenges, district technology leaders are implementing more practices to improve cybersecurity. For example, 76 percent of respondents said their district conducts IT staff training, an 11-percentage-point increase from 2022. And 61 percent of respondents require two-factor authentication for district accounts, compared to 40 percent last year.

But there’s still room for improvement. There are still districts that do not provide any cybersecurity training to their teachers (13 percent), administrators (12 percent), support staff (14 percent), and students (33 percent), which is a problem because schools can then become easy targets for cybercriminals if they don’t know how to spot scams, experts said.

“The humans are a big part of this. It’s not just the funding,” said Diane Doersch, who leads CoSN’s board of directors and is also the senior director of information technology for Digital Promise. “School districts need a structured way to provide professional learning for the IT staff and then also a structured way to get cybersecurity training to the end users.”

See Also

Illustration of Internet network data computer laptop security shield and lock symbol.
DigitalVision Vectors/Getty
Privacy & Security 3 Ways Schools Can Reduce Cybersecurity Risks
Lauraine Langreo, January 25, 2023
4 min read

The challenge is finding time to conduct those trainings, especially for educators who have a lot of other professional development they are required to do, according to district technology leaders.

“We don’t want to overwhelm staff,” said Bockwoldt. “We can’t dismiss [the training] either. We have to make sure that everybody knows what’s going on. We’ve got to figure out where we can embed it.”

Doersch, who was chief technology & information officer for a Wisconsin school district from 2016 to 2019, said one method that works is using an automated system that provides just-in-time training. Staff and students would watch videos and answer questions at their convenience but with a due date.

Both Bockwoldt and Doersch also underscored the importance of having buy-in from senior leadership to ensure that everyone sees cybersecurity as a priority.

“It’s not going away. It’s only getting worse, so we have to continue to be on our feet,” Bockwoldt said.


Student Well-Being Webinar After-School Learning Top Priority: Academics or Fun?
Join our expert panel to discuss how after-school programs and schools can work together to help students recover from pandemic-related learning loss.
Budget & Finance Webinar Leverage New Funding Sources with Data-Informed Practices
Address the whole child using data-informed practices, gain valuable insights, and learn strategies that can benefit your district.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Classroom Technology Webinar
ChatGPT & Education: 8 Ways AI Improves Student Outcomes
Revolutionize student success! Don't miss our expert-led webinar demonstrating practical ways AI tools will elevate learning experiences.
Content provided by Inzata

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Why Student Data Privacy Is a Civil Rights Issue
Data privacy problems in schools could be disproportionately hurting specific groups.
2 min read
Illustration of numerous computer windows overlapping with creepy eyeballs inside the close, open, and minimize circles within the various window screens.
Daniel Hertzberg for Education Week
Privacy & Security It Takes an Entire District to Prevent a Cyberattack: 5 Tips
One of the biggest challenges in making cybersecurity policies work is getting everyone engaged.
3 min read
underground cyber security hologram with digital shield 3D rendering
iStock/Getty Images
Privacy & Security Four Countries Want Students to Help Their Schools Fight Cyber Threats
Australia, India, Japan, and the United States are teaming up to shine a spotlight on cybersecurity.
1 min read
Gloved hand reaching into a laptop screen hacking someone's account.
iStock/Getty Images Plus
Privacy & Security Q&A What Educators Need to Know About Ed-Tech Companies' Data Privacy Policies
A data privacy expert weighs in on what K-12 district leaders need to look out for when reviewing privacy policies.
4 min read
Low angle view of a blue padlock made to resemble a circuit board and placed on binary computer code background