School Cybersecurity Is Top Concern To Lawmakers, Yet It Remains Largely Underfunded

Just 6% of states report adequately funding cybersecurity, yet lawmakers in each one say it is of top concern.

By Kari Apted | Published

Pediatricians Say Children With Head Lice Should Remain In School

Cybersecurity, or information technology (IT) security measures protect networked systems and applications from malware, phishing, and other threats. When it comes to ed tech, privacy and security are what education officials name as their top priorities, but a mere 6% of respondents to the 2022 State EdTech Trends survey by the State Educational Technology Directors Association (SETDA) said their state provides adequate funding for technological safety.

Another 57% said that their state provides little money for cybersecurity measures, and only 37% said they had the tools they needed to keep critical systems and sensitive information safe from threats. The survey’s respondents were a diverse combination of SETDA members, state superintendents, and senior state officials from all 50 states, the District of Columbia, the Department of Defense’s Education Activity schools, and the Northern Mariana Islands. The Education Commission of the States and Whiteboard Advisors partnered with SETDA to conduct the revealing survey.

During the COVID-19 lockdowns, schools around the globe relied on complex computer systems to deliver virtual lessons to students. Without adequate cybersecurity measures, the investment into these systems could be money wasted. Additionally, users’ personal information is at risk.

According to IBM, there are several main cybersecurity threats evolving at the moment. Malware damages computer systems by installing worms, viruses, spyware, and Trojans designed to get around antivirus tools and other detective methods. Ransomware is a type of malware that locks data, files, or systems while threatening to destroy them.

As the name indicates, organizations are then under pressure to pay a ransom to restore the components being held. Phishing tricks computer users into providing sensitive information via email or text message scams. This kind of social engineering surged during the pandemic and is a particular vulnerability of remote work and education systems.

Insider threats are exactly what they sound like: cybersecurity attacks by former employees or contractors who had access to systems and abuse those permissions. Distributed denial-of-service (DDoS) attacks overload systems with traffic through multiple coordinated efforts, overwhelming the network used for routers, printers, modems, and other system components. Advanced persistent threats (APTs) happen when intruders infiltrate a system and remain undetected long enough to spy on activities and steal sensitive data, and finally, man-in-the-middle attacks occur when a criminal intercepts data while it’s passing between the network and a user’s device.

Cybersecurity is a complex, ever-evolving problem, and smaller school districts struggle to find the funds to hire experts in the field. However, state leaders may hold the answer to the problem by forming small district cooperatives to share resources with schools.

Julia Fallon, executive director of SETDA, said, “For me, smaller districts will always lack resources. They don’t have the headcount to generate it. But then how do we, as states, step in and have an opportunity to help?”


After a major ransomware attack on many of the Los Angeles Unified School District’s IT systems, SETDA has called on the Federal Communications Commission to earmark E-rate funding to protect school networks. State departments of education must begin to take seriously their responsibility to keep students and private data safe from attack—and to protect expensive IT systems acquired during the pandemic. Although hiring cybersecurity experts can be expensive, it’s a preventative action that promises to save K-12 school districts money in the long run.