Ed-Tech Policy

There Are Hundreds of New Bills Targeting Cyberattacks in Schools. Will They Work?

By Lauraine Langreo — January 06, 2023 2 min read
Image of lock on binary code background.
  • Save to favorites
  • Print

More state policymakers are recognizing the serious consequences that cyberattacks can have on K-12 schools, but the policy response is “still insufficient,” according to the Consortium for School Networking’s analysis of school-related cybersecurity bills introduced in 2022.

Legislators in 36 states introduced 232 school-related cybersecurity bills, the report found. That’s 62 more than were introduced in 2021 and more than twice the number of bills introduced in 2020. Thirty-seven of the cybersecurity bills introduced in 2022 were enacted, compared with 49 in 2021 and 10 in 2021, according to the report.

Cyberattacks are now a daily threat for schools as the number of incidents has increased in recent years. Most notably, in 2022, two big districts—Los Angeles Unified and New York City—faced cybersecurity challenges.

Protecting sensitive data is becoming more challenging as districts lean further into technology use for teaching, learning, and managing their systems, and as cybercriminals become more sophisticated. It’s also a challenge as teachers and district leaders perceive the threat of cyberattacks very differently.

The most common cybersecurity policy strategies adopted by states in 2022 include mandatory incident reporting, prevention and contingency planning requirements, and expansion of the cybersecurity workforce, the report found. In many cases, the adopted bills also provided funding for schools and districts to pay for these activities.

For example, California enacted a law that requires districts to report cyberattacks that impact more than 500 students or personnel, and establishes a statewide database to track the attacks reported. And in Alabama, a new law provides funding for hiring district technology coordinators.

Twenty-seven of the bills introduced in 2022 focused on cybersecurity training requirements. The bills enacted provide funding for training, establish a liaison program to assist districts, and develop a cyber assessment and an online database of training resources.

The CoSN report argued that the new laws are not comprehensive enough to address the cybersecurity challenges school districts face.

State Educational Technology Directors Association Executive Director Julia Fallon agreed that more needs to be done, with a focus on the “unique needs” of the K-12 industry sector.

“Just taking business models that are out in the corporate space and applying it to K-12 doesn’t necessarily solve the problems,” Fallon said.

Here are some policy improvements to consider in 2023, according to the report:

  • Prevention strategies should reflect industry standards and best practices and should include realistic timelines for completing the requirements.
  • Policymakers should find ways to remove the stigma associated with reporting attacks so that every attack can be a learning opportunity for others.
  • To address workforce gaps, it’s not enough to fund new higher education degree programs, because that strategy “takes years to yield benefits.” There should be more emphasis on shorter-term credentialing options and more funding for compensation to compete with the private sector.
Related Tags:


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Student Well-Being Webinar
Attend to the Whole Child: Non-Academic Factors within MTSS
Learn strategies for proactively identifying and addressing non-academic barriers to student success within an MTSS framework.
Content provided by Renaissance
Classroom Technology K-12 Essentials Forum How to Teach Digital & Media Literacy in the Age of AI
Join this free event to dig into crucial questions about how to help students build a foundation of digital literacy.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Ed-Tech Policy Q&A Why Many Schools' Strict Cellphone Policies May Not Go Far Enough
A national advocacy group says schools need all-day bans on devices.
6 min read
Young girl using a cellphone in class. On her desk is an open notebook and a pencil.
skynesher / iStock/Getty
Ed-Tech Policy Q&A How the FCC Wants to Tackle the 'Homework Gap'
The FCC approved an expansion of the E-rate program to include Wi-Fi hotspots.
4 min read
Student at computer from home, doing school work with  wifi connection icon images overlaying image.
Liz Yap/Education Week and E+/Getty.
Ed-Tech Policy Can Schools and Vendors Work Together Constructively on AI? A New Guide May Help
A top priority is greater transparency about how AI-driven products are designed and tested.
4 min read
Ed-Tech Policy Tracker Which States Ban or Restrict Cellphones in Schools?
See which states are requiring cellphone restrictions or bans in schools.
cellphone distraction policy bans in schools static
Laura Baker/Education Week via canva