Report: 82 Percent of K-12 Organizations Experienced Cyber Threat Impacts

  • March 07, 2025

The Center for Internet Security, Inc. (CIS) has released its 2025 CIS MS-ISAC K-12 Cybersecurity Report at the SXSW EDU conference in Austin, Texas, to an audience of educators, administrators, innovators, and technology experts. The report details the increasing sophistication, frequency, and impact of cyber attacks against K-12 schools. This is CIS’s third annual report dedicated to K-12 cybersecurity, and the second year partnering with the Consortium for School Networking (CoSN), bringing together experience, expertise, and resources to address this critical issue.

Key Findings:

  • 82% of reporting K-12 organizations experienced cyber threat impacts.
  • Nearly 14,000 security events were observed, with 9,300 confirmed incidents.
  • Cybercriminals target human behavior at least 45% more than technical vulnerabilities.
  • Attacks surge during high-stakes periods like exams, disrupting education and forcing difficult decisions.

Impact on Communities: "The long-term impacts of stolen student and faculty data are only part of the story," said Randy Rose, VP of Security Operations and Intelligence at CIS. “Schools are a vital part of our local communities and cyber attacks against these institutions can have real-world consequences that include missed days, canceled exams, wasted food, and disruptions to child care among other things.”

Building Cyber Resilience: CIS emphasizes the importance of a collaborative approach to cybersecurity. Early engagement with the Multi-State Information Sharing and Analysis Center (MS-ISAC®) improves outcomes, and schools that leverage no- and low-cost cybersecurity resources from the MS-ISAC significantly increase cybersecurity capabilities at a fraction of the cost. MS-ISAC services blocked more than one billion attempts to connect to malware domains, and over 320 million attempts to connect to phishing domains.

Recommendations: Create a culture of shared responsibility. Establish direct lines of communication between IT teams and educators. Implement smart technical controls that support learning without hindering it. Strengthen partnerships, as collaboration amplifies impact.

Final Takeaways: Cybersecurity in education isn’t just about protecting data, it’s about protecting the students and families, as well as the services they rely on every day. Through proactive cybersecurity strategies and collaboration, K-12 schools can greatly improve their cyber defenses against a pervasive and evolving cyber threat. For more information and to access the full report, please visit https://learn.cisecurity.org/2025-k12-cybersecurity-report-download.

Featured

  • How Cloud Security Solutions Are Transforming Campus Safety

    Campus administrators today face a challenging mandate: deliver stronger security across their facilities while working within tighter budget constraints. From school districts focused on student safety to hospitals protecting patients and staff, the question remains the same: how do you build security infrastructure that evolves with your needs without requiring massive capital investments? Read Now

  • 77% of Americans Support Gun Detection Technology in Schools, Workplaces, and Houses of Worship

    More than three-quarters of Americans (77.4%) believe gun detection technology should be deployed in schools, workplaces, and other public spaces, according to new survey data released recently. The national survey shows strong support for incorporating camera-based gun detection into existing video surveillance systems. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

Most   Popular