Report: 82 Percent of K-12 Organizations Experienced Cyber Threat Impacts
The Center for Internet Security, Inc. (CIS) has released its 2025 CIS MS-ISAC K-12 Cybersecurity Report at the SXSW EDU conference in Austin, Texas, to an audience of educators, administrators, innovators, and technology experts. The report details the increasing sophistication, frequency, and impact of cyber attacks against K-12 schools. This is CIS’s third annual report dedicated to K-12 cybersecurity, and the second year partnering with the Consortium for School Networking (CoSN), bringing together experience, expertise, and resources to address this critical issue.
Key Findings:
- 82% of reporting K-12 organizations experienced cyber threat impacts.
- Nearly 14,000 security events were observed, with 9,300 confirmed incidents.
- Cybercriminals target human behavior at least 45% more than technical vulnerabilities.
- Attacks surge during high-stakes periods like exams, disrupting education and forcing difficult decisions.
Impact on Communities: "The long-term impacts of stolen student and faculty data are only part of the story," said Randy Rose, VP of Security Operations and Intelligence at CIS. “Schools are a vital part of our local communities and cyber attacks against these institutions can have real-world consequences that include missed days, canceled exams, wasted food, and disruptions to child care among other things.”
Building Cyber Resilience: CIS emphasizes the importance of a collaborative approach to cybersecurity. Early engagement with the Multi-State Information Sharing and Analysis Center (MS-ISAC®) improves outcomes, and schools that leverage no- and low-cost cybersecurity resources from the MS-ISAC significantly increase cybersecurity capabilities at a fraction of the cost. MS-ISAC services blocked more than one billion attempts to connect to malware domains, and over 320 million attempts to connect to phishing domains.
Recommendations: Create a culture of shared responsibility. Establish direct lines of communication between IT teams and educators. Implement smart technical controls that support learning without hindering it. Strengthen partnerships, as collaboration amplifies impact.
Final Takeaways: Cybersecurity in education isn’t just about protecting data, it’s about protecting the
students and families, as well as the services they rely on every day. Through proactive cybersecurity strategies and collaboration, K-12 schools can greatly improve their cyber defenses against a pervasive and evolving cyber threat.
For more information and to access the full report, please visit https://learn.cisecurity.org/2025-k12-cybersecurity-report-download.