Report: 82 Percent of K-12 Organizations Experienced Cyber Threat Impacts

The Center for Internet Security, Inc. (CIS) has released its 2025 CIS MS-ISAC K-12 Cybersecurity Report at the SXSW EDU conference in Austin, Texas, to an audience of educators, administrators, innovators, and technology experts. The report details the increasing sophistication, frequency, and impact of cyber attacks against K-12 schools. This is CIS’s third annual report dedicated to K-12 cybersecurity, and the second year partnering with the Consortium for School Networking (CoSN), bringing together experience, expertise, and resources to address this critical issue.

Key Findings:

  • 82% of reporting K-12 organizations experienced cyber threat impacts.
  • Nearly 14,000 security events were observed, with 9,300 confirmed incidents.
  • Cybercriminals target human behavior at least 45% more than technical vulnerabilities.
  • Attacks surge during high-stakes periods like exams, disrupting education and forcing difficult decisions.

Impact on Communities: "The long-term impacts of stolen student and faculty data are only part of the story," said Randy Rose, VP of Security Operations and Intelligence at CIS. “Schools are a vital part of our local communities and cyber attacks against these institutions can have real-world consequences that include missed days, canceled exams, wasted food, and disruptions to child care among other things.”

Building Cyber Resilience: CIS emphasizes the importance of a collaborative approach to cybersecurity. Early engagement with the Multi-State Information Sharing and Analysis Center (MS-ISAC®) improves outcomes, and schools that leverage no- and low-cost cybersecurity resources from the MS-ISAC significantly increase cybersecurity capabilities at a fraction of the cost. MS-ISAC services blocked more than one billion attempts to connect to malware domains, and over 320 million attempts to connect to phishing domains.

Recommendations: Create a culture of shared responsibility. Establish direct lines of communication between IT teams and educators. Implement smart technical controls that support learning without hindering it. Strengthen partnerships, as collaboration amplifies impact.

Final Takeaways: Cybersecurity in education isn’t just about protecting data, it’s about protecting the students and families, as well as the services they rely on every day. Through proactive cybersecurity strategies and collaboration, K-12 schools can greatly improve their cyber defenses against a pervasive and evolving cyber threat. For more information and to access the full report, please visit https://learn.cisecurity.org/2025-k12-cybersecurity-report-download.

Featured

  • How Composable Security Technologies Fortify Campus Safety

    Campus security teams have faced myriad risks threatening the safety and well-being of students and faculty this semester. Leaders have made tough tradeoffs about where to focus and how to channel limited resources to best protect their communities — but they now have a much-needed lift to their toolkit. Read Now

  • How Emerging Technologies are Transforming the School Security Landscape

    Students can't focus on learning when they're worried about their safety. As education systems nationwide face evolving security challenges with limited resources, a new generation of integrated technology solutions is helping schools create safer environments while maximizing staff efficiency. Read Now

  • How to Harness ALPR for Greater Security Efficiency and Collaboration

    Within higher education campus environments, the demand for greater security, efficiency, and resources is ever-present. Many higher education teams are adopting advanced technologies to secure their campus, streamline operations, and continue to best serve their students and faculty. Automatic license plate recognition (ALPR) technology stands out for its ability to meet a wide range of campus objectives. Read Now

  • Using Emerging Technologies to Address Healthcare Staffing, Workplace Violence Issues

    The healthcare industry consistently adopts new technology to address challenges across all of its sectors. Many of the emerging technologies that are available today are being applied to optimize workflow. To enhance their operational efficiency, hospitals and other healthcare providers typically embrace emergent technologies to streamline tasks in patient care, administration, and, of course, security. Read Now