Key points:
The long-term impacts of K-12 cyberattacks, including lost learning time and disruptions to school operations, are just as damaging as stolen data, according to a new report from the Center for Internet Security, Inc. (CIS).
The 2025 CIS MS-ISAC K-12 Cybersecurity Report, released at the SXSW EDU conference, details the increasing sophistication, frequency, and impact of cyberattacks against K-12 schools.
This is the third annual CIS report dedicated to K-12 cybersecurity, and the second year CIS has partnered with the Consortium for School Networking (CoSN) to direct attention and resources to this critical issue.
Key findings
- Eighty-two percent of reporting K-12 organizations experienced cyber threat impacts
- Nearly 14,000 security events were observed, with 9,300 confirmed incidents
- Cybercriminals target human behavior at least 45 percent more than technical vulnerabilities
- Attacks surge during high-stakes periods like exams, disrupting education and forcing difficult decisions
Impact on communities
“The long-term impacts of stolen student and faculty data are only part of the story,” said Randy Rose, VP of security operations and intelligence at CIS. “Schools are a vital part of our local communities and cyberattacks against these institutions can have real-world consequences that include missed days, canceled exams, wasted food, and disruptions to child care among other things.”
Building cyber resilience
CIS emphasizes the importance of a collaborative approach to cybersecurity. Early engagement with the Multi-State Information Sharing and Analysis Center (MS-ISAC) improves outcomes, and schools that leverage no- and low-cost cybersecurity resources from the MS-ISAC significantly increase cybersecurity capabilities at a fraction of the cost. MS-ISAC services blocked more than one billion attempts to connect to malware domains, and over 320 million attempts to connect to phishing domains.
Recommendations
To better protect against cyberattacks:
- Create a culture of shared responsibility
- Establish direct lines of communication between IT teams and educators
- Implement smart technical controls that support learning without hindering it
- Strengthen partnerships, as collaboration amplifies impact
Final takeaways
Cybersecurity in education isn’t just about protecting data; it’s about protecting the students and families, as well as the services they rely on every day. Through proactive cybersecurity strategies and collaboration, K-12 schools can greatly improve their cyber defenses against a pervasive and evolving cyber threat.
This press release originally appeared online.