K-12 cyber awareness still lagging among leadership, say IT staff

Just 12% of K-12 tech leaders said their school board members have a high degree of awareness of cyberthreats facing the education sector.
cyber awareness
(Getty Images)

Few technology leaders in K-12 school districts believe their organizations’ top officials have a “high awareness” of cybersecurity issues, according to a poll published Monday by the cloud-security firm iBoss and the edtech nonprofit Project Tomorrow.

The survey, which interviewed 599 IT officials and other administrators, found that just 12% of school technology leaders believe their districts’ board members are fully aware of the digital threats they face. Superintendents fared slightly better, with 39% of tech leaders giving a vote of confidence, but only 19% said the same for principals, and just 6% gave credit to parental leaders.

The report lands as yet another reminder of a widening gulf between the threats school systems face from ransomware, data breaches and other attacks, and their relative preparedness to handle such issuess.

“Overall, the relatively low levels of awareness of key stakeholders in cybersecurity preparation is sobering,” the report reads.


IBoss and Project Tomorrow are hardly alone in sounding alarms on the state of cybersecurity in the K-12 sector. Last week, the K-12 Security Information Exchange, an industry-led group, reported that while the overall number of cyberattacks on schools last year dropped from 2020, recovery costs are going up and districts are growing more opaque in disclosing whether they’ve endured an incident.

Meanwhile, the poll also showed wide gaps between school IT officials and their non-technical counterparts in their overall worries about cyberattacks on their networks. While 46% of tech leaders surveyed described their concern as “high,” just 22% of administrators felt the same way.

“It’s startling that we don’t have the appropriate level of awareness about cybersecurity among district leadership, despite attacks reaching a crisis point and school district leadership needs to be more accountable,” Richard Quinones, iBoss’ senior vice president for public sector and a former consulting CIO with the Los Angeles Unified School District, said in a press release.

The report also states that even as schools nationwide have returned to in-person learning after two years of interruptions, the education sector’s increased reliance on networked technology is unlikely to recede with the pandemic, with learning management systems, productivity software and other cloud-based applications becoming permanent features.

“Despite nostalgic pulls for a pre-pandemic school model, it is simply not possible to turn the clock back to February 2020 and unravel the increased dependency we have today on technology within our education systems,” the report reads.


Yet even with the increased reliance use of technology, the survey also found big differences between IT officials and district administrators on what steps should be used to lock them down. While, for instance, 68% of tech leaders said they could better protect data by tightening network administrative privileges, just 30% of non-technical district leaders agreed. Regular software updates, installing antivirus tools and training staff and students on best practices also all failed to reach 50% with non-IT respondents.

“The deep disconnects between the views of these disparate leadership groups within a district present a real challenge for school districts who want to implement more rigorous security measures,” the report reads.

The iBoss and Project Tomorrow survey is in some ways consistent with a report last year from CompTIA’s Public Technology Institute, which found many local-government IT officials struggling to get the attention of their communities’ political leaders.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts