Report: 82 Percent of K-12 Organizations Experienced Cyber Threat Impacts

The Center for Internet Security, Inc. (CIS) has released its 2025 CIS MS-ISAC K-12 Cybersecurity Report at the SXSW EDU conference in Austin, Texas, to an audience of educators, administrators, innovators, and technology experts. The report details the increasing sophistication, frequency, and impact of cyber attacks against K-12 schools. This is CIS’s third annual report dedicated to K-12 cybersecurity, and the second year partnering with the Consortium for School Networking (CoSN), bringing together experience, expertise, and resources to address this critical issue.

Key Findings:

  • 82% of reporting K-12 organizations experienced cyber threat impacts.
  • Nearly 14,000 security events were observed, with 9,300 confirmed incidents.
  • Cybercriminals target human behavior at least 45% more than technical vulnerabilities.
  • Attacks surge during high-stakes periods like exams, disrupting education and forcing difficult decisions.

Impact on Communities: "The long-term impacts of stolen student and faculty data are only part of the story," said Randy Rose, VP of Security Operations and Intelligence at CIS. “Schools are a vital part of our local communities and cyber attacks against these institutions can have real-world consequences that include missed days, canceled exams, wasted food, and disruptions to child care among other things.”

Building Cyber Resilience: CIS emphasizes the importance of a collaborative approach to cybersecurity. Early engagement with the Multi-State Information Sharing and Analysis Center (MS-ISAC®) improves outcomes, and schools that leverage no- and low-cost cybersecurity resources from the MS-ISAC significantly increase cybersecurity capabilities at a fraction of the cost. MS-ISAC services blocked more than one billion attempts to connect to malware domains, and over 320 million attempts to connect to phishing domains.

Recommendations: Create a culture of shared responsibility. Establish direct lines of communication between IT teams and educators. Implement smart technical controls that support learning without hindering it. Strengthen partnerships, as collaboration amplifies impact.

Final Takeaways: Cybersecurity in education isn’t just about protecting data, it’s about protecting the students and families, as well as the services they rely on every day. Through proactive cybersecurity strategies and collaboration, K-12 schools can greatly improve their cyber defenses against a pervasive and evolving cyber threat. For more information and to access the full report, please visit https://learn.cisecurity.org/2025-k12-cybersecurity-report-download.

Featured

  • Door Hardware and Campus Security: Enhancing Safety in Schools

    The importance of investing in school safety cannot be overstated, but knowing where to start implementation of school safety features can be a challenge. A recent survey by the National Center on Education Statistics found that a quarter of U.S. public schools have classrooms with doors that can't be locked from the inside. Even among schools with doors that do lock, recent legislation reflects a common misconception that simply keeping the doors locked all day will eliminate the potential for an attack, in direct violation of PASS (Partner Alliance for Safer Schools) Guidelines. Read Now

  • Brigham Young University Strengthens Campus Security With Genetec Operations Center

    Genetec Inc, a provider of enterprise physical security software, announced that Brigham Young University's (BYU) has optimized its security operations with the Genetec™ Operations Center work management system. Read Now

  • AI-based Risk Mitigation: The Next Advancement in Video Surveillance and Public Safety

    Safety is at the forefront of every organization and covers a gamut of scenarios, not just weapon-fueled lethal threats. It also includes smaller-scale and everyday situations like slipping hazards, fallen persons, unauthorized vehicles, and more. These issues cause disruptions in daily operations and cost companies and facilities money and downtime, so a fully realized security plan must involve actions that facility personnel should take once a hazard of any size occurs. Informing everyone that a hazard exists, where it’s located, and what actions to take is imperative for maintaining personal safety. Read Now

  • Fort Worth ISD Strengthens Event Safety

    The issue of concealed weapons being introduced into school extracurricular activities, including sporting events and graduations, became a growing concern in communities across the nation. According to the K-12 School Shooting Database, there were at least 202 incidents of gunfire on school grounds in 2024 across the United States, resulting in 56 deaths and 147 injuries, underscoring the urgent need for enhanced safety protocols. Read Now