School districts across the country are experiencing an average of five cyber incidents per week. This steady increase in indiscriminate cyber-attacks on K-12 schools is prompting education leaders to think about how cybersecurity fits into emergency operations planning, by increasing both their understanding of the issue and their capacity to integrate the most impactful and cost-efficient strategies for mitigating cybersecurity risks. Managing cybersecurity risk is a necessity because school communities are heavily reliant on technology and internet connectivity to carry out education service delivery and day-to-day business operations.
In its federal role to coordinate and support the K-12 community’s cybersecurity resilience efforts, the U.S. Department of Education is working with stakeholders and partners across federal, state, local, Tribal communities, and territories to support K-12 cybersecurity risk mitigation by:
- Highlighting training tools, briefs and resources available through its student privacy policy technical assistance centers and the Department of Homeland Security’s (DHS) SchoolSafety.gov site.
- In collaboration with federal partners, raising the visibility of high-impact and feasible cybersecurity strategies.
- Directing schools, districts and state educational agencies to CISA and FBI regional office points of contact to report cybersecurity incidents and support broader information sharing that will stem the impact of threat actors.
What we know about K-12 Cybersecurity Attacks
Types of Cyber Incidents
Cyber incidents in K-12 range from electronic data breaches affecting students, teachers or other school community members and ransomware attacks to online class and meeting intrusions. While not the only vulnerabilities, two critical weaknesses that cyber threat actors exploit are phishing emails and outdated software.
The Data
Both trend and current year data consistently show that K-12 schools remain vulnerable to cybersecurity threats. The K12 Security Information Exchange reports that from 2016 to 2021, schools in nearly every state in the country were victims of a cyberattack. The Multi-State Information Sharing and Analysis Center (MS-ISAC) comparably noted in its 2021-22 K-12 Report that more than 29 percent of its members had experienced a cyber incident.
The Consequences
The immediate impact of a cybersecurity incident in a school may include disruptions to teaching, learning and critical business operations. Many school districts that have experienced a cybersecurity incident speak to its significant, wide-ranging costs:
- Financial: costs attributable to teaching and learning loss; labor costs resulting from a shift to manual execution of operations and processes that, in normal conditions, are automated (e.g., manual writing of payroll and third-party vendor payments); legal and insurance expenses; and long-term costs like credit monitoring for impacted individuals.
- Political: Loss of trust among teachers, parents, and the community.
What K-12 can do right now to mitigate cybersecurity risk
Multiple useful cybersecurity frameworks exist that districts may use to guide robust resilience efforts such as a cybersecurity annex. But for the many districts with limited IT expert capacity and resources, there are immediate, relatively low-cost prevention strategies that can go a long way to protecting school communities:
- Keep software up to date (also known as patching)
- Implement Multi-Factor Authentication (MFA)
- Use strong passwords
- Spot and report email phishing, vishing and smishing threats.
- Join the Multi-State Information Sharing and Analysis Center (MS-ISAC), to access low-cost cybersecurity tools, resources, and just-in-time information sharing to support both technology experts and school leaders in building cybersecurity resilience.
Key steps that district and state leaders and technology experts across the country are taking to mitigate risk:
- More than 600 schools and districts, including urban, rural, large and small schools, have been selected to collectively receive up to $200 million in cybersecurity tools as part of the Federal Communications Commission’s Cybersecurity Pilot Program.
- States like Indiana and Ohio are providing support to schools to meet new K-12 cybersecurity training requirements.
- North Carolina supports a whole-of-state approach, building a Joint Cybersecurity Task Force that includes the FBI, National Guard, its state education agency and school districts.
- North Dakota also supports a whole-of-state approach and is the first in the country to require K-12 cybersecurity education.
- Connecticut’s Connecticut Education Network provides accessible and equitable pricing for broadband to 100 percent of the state’s school districts, and multiple cybersecurity services at no cost.
- The Consortium for School Networking’s (CoSN) 2025 report notes that more than 78% of education technology leaders surveyed reported that their schools are investing in cybersecurity monitoring, detection, and response, although costs for these and cybersecurity insurance continue to rise.
K-12 Cybersecurity Government Coordinating Council (GCC)
In Spring 2024, the U.S. Department of Education established a K-12 Cybersecurity Government Coordinating Council (GCC), a coalition of education and education technology leaders across federal, state, and local entities, as part of the Department’s role in supporting the nation’s critical infrastructure. The GCC was paused in Spring 2025 as the administration considers next steps for how critical infrastructure sectors, including the education subsector, are best positioned to support the nation’s critical infrastructure in combating cybersecurity threat actors.
Report to CISA: www.cisa.gov/report or call 1-844-Say-CISA (1-844-729-2472)
Report cyber-criminal activity to your local FBI field office