2025 Predictions: Cybersecurity in K-20 Education -- THE Journal

Cybersecurity

2025 Predictions: Cybersecurity in K-20 Education

What should K-12 and higher education institutions expect on the cybersecurity front in the coming year? Here's what the experts told us.

By Rhea Kelly
01/30/25

In an open call last month, we asked education and industry leaders for their predictions on the cybersecurity landscape for schools, districts, colleges, and universities in 2025. Here's what they told us.

Institutions will need to maintain strong security fundamentals in the face of growing cyber attacks.

“Education institutions face the unique challenge of needing to modernize their networks, while also improving user and employee experience and following compliance requirements. This will remain true in 2025, but these institutions must tackle these problems against the backdrop of persistent cyber attacks, as well as curious and capable students. Between 2023 and 2024, we saw a 35% increase in attacks on the education sector, and as ransomware groups continue to target the sector with more sophisticated attacks — by leveraging tools like generative artificial intelligence — the potential impacts could be devastating. Institutions have no choice but to stay prepared and prioritize improving their security posture.

"Institutions should focus on maintaining strong IT security fundamentals and implementing zero trust architecture — especially for research projects with federal funding ramifications. These strategies minimize the attack surface, prevent breaches, eliminate lateral movement, and stop data loss. Proactively addressing these evolving threats will enable institutions to remain more resilient against a growing threat landscape in the coming year."
— Hansang Bae, public sector chief technology officer, Zscaler

Budget cuts and decreased funding will come with increased risk.

"One of the cyber trends we've witnessed in the past few years is that of the increased data breaches affecting education entities. Community and university school systems alike have gotten caught in the crosshairs of cyber attacks because of how interconnected their third-party digital infrastructures are. While educational institutions may not have been the original target, these opportunistic incidents have shown threat actors the sensitive and privacy information that they hold — critical repositories of sensitive research records, student and faculty privacy information, financial and endowment data, and critical operational resources.

"There are growing concerns that we could see more cyber activities in this sector in the coming year as threat actors focus their sights on state, local, and education (SLED) organizations, exploiting vulnerable legacy technologies and compromising sensitive data. It’s not lost on me that we’re likely to see budgetary cuts and decreased funding across SLED and recognize that it can have an impact on bolstering IT and cyber initiatives now and into the future. My hope is that even without financial incentive, 2025 will see educational institutions place greater emphasis on enhancing cyber hygiene and implement proactive data security solutions across their siloed IT systems to safeguard the sensitive data they collect."
— Ravi Srinivasan, CEO, Votiro

"Higher education is grappling with enrollment challenges, declining state funding, deferred maintenance of aging infrastructure, and the rising cost of student services. As budgets tighten, institutions must be more strategic in their tech investments, prioritizing initiatives that offer the most immediate value for student retention, engagement, and operational efficiency. Technologies that enhance cybersecurity and privacy will take precedence, followed by AI tools that improve teaching and learning outcomes. Institutions will need to be more intentional about aligning investments with long-term goals, ensuring every dollar spent on technology directly contributes to their educational mission.

"Institutions must also contend with the uncertainty surrounding new technologies. The emerging tech regulation and policy landscape is still undefined, which introduces additional risk into investment decision-making. New or unproven technologies carry inherent uncertainties. To serve students and advance high-value research, institutions must carefully weigh the risks of investing in these technologies in an unclear policy environment."
— Eric Wheeler, senior director, product management, Strata Decision Technology

Compliance and policy challenges will require transparent data and communication practices.

"Growing regulatory requirements will impose stricter standards for how student data should be collected, stored, and shared in 2025. But given higher education institutions (HEIs) manage data from multiple sources — like student portals, third-party applications, and learning management systems — ensuring compliance can be challenging. This complex ecosystem increases the risk of data breaches, which can lead to heavy fines and reputational damage for HEIs —requiring them to implement consent and data preference management systems that centralize control and provide clear opt-in/out options for students.

"Transparent data practices will also serve as a competitive advantage this year. HEIs should focus on making privacy policies accessible and clear, demonstrating a commitment to ethical data usage and student rights."
— Nicky Watson, founder and chief architect, Cassie

"As K-12 schools increasingly rely on digital tools and cloud-based platforms, districts across the United States are implementing stringent data protection measures to safeguard student information. The landscape of student privacy regulations continues evolving at state and federal levels, highlighting how schools are responding to growing concerns about data collection, storage, and sharing practices. In 2025, schools will move beyond collecting data to truly making it actionable. Instead of drowning in spreadsheets, educators will leverage predictive analytics to identify students needing support before they fall behind. The most successful districts will be those that can translate complex data into clear, actionable insights for both teachers and families."
— Joy Smithson, data science manager, SchoolStatus

"Data security and privacy, accessibility and ROI will be primary areas of focus for higher ed technology in 2025. The increasing digital transformation across campuses that affords students, faculty and administrators access to streamlined and integrated resources requires a tight security posture and a commitment to accessibility, especially as more states adopt regulations on both fronts. And with the enrollment cliff teetering, ed tech providers will be required to justify and show what efficiencies and savings their solutions can deliver. The new administration is top of mind for international education professionals, and technology will be critical to enabling institutions to quickly adapt to immigration policy changes affecting international students, to communicate changes to students, and to empower a more entrepreneurial approach to targeted international recruiting and creative program development."
— Travis Ulrich, senior vice president of enterprise solutions, Terra Dotta

Protecting digital identities will bring a renewed focus on privacy.

"Protecting students' digital identities will be a growing K-12 cybersecurity challenge in 2025 and beyond. While districts have traditionally focused on safeguarding schools from ransomware attacks, we're seeing a concerning shift toward targeted attacks on individual student accounts. The stakes are particularly high considering the personal information these accounts contain that could impact students well into their futures. Most concerning, perhaps, is the stark security gap between student accounts and those of teachers and staff — with student credentials often protected by only basic password requirements. Districts will need to evolve their identity management strategies to include stronger authentication methods for all users, not just employees, requiring a fundamental shift in how we think about student data protection and moving beyond compliance-focused security to treating student digital identities with the same level of protection we afford other privileged information."
— Trish Sparks, CEO, Clever

"In 2025, we will continue to see a fundamental shift in the concept of personal data ownership, particularly in the government and public health sectors. There is growing recognition that personal data ultimately belongs to individual citizens, not to the institutions that collect or manage it, which is already driving changes and innovations in data management, security, and access control. Governments, especially in countries with socialized healthcare systems, are primed to lead the way in developing frameworks for citizen-controlled data. This trend will necessitate new approaches to data residency, privacy laws, and security protocols. While progress may be slower in larger, more complex systems like the U.S., this ongoing shift will have far-reaching implications in 2025 and beyond."
— Winston Chang, global public sector CTO, Snowflake

AI-fueled attacks will take cybersecurity defense to new fronts.

"In 2025, institutions will prioritize internal defenses and post-breach strategies over traditional perimeter security, recognizing that the fight against cyber attacks is shifting inward. Advanced attacks will increasingly target sectors like education, making data encryption and network segmentation essential components of resilient cybersecurity frameworks. As AI-fueled attacks grow more sophisticated, institutions will focus on limiting attackers' movements within networks, accepting that the perimeter can no longer be the sole line of defense."
— Gary Barlet, public sector CTO, Illumio

"2025 will likely see a continued rise in cybersecurity threats targeting K-12 public education systems. Ransomware attacks, data breaches, and phishing scams remain a significant concern. Our schools' increased reliance on remote learning and digital tools will open even more avenues for attack. To combat these threats, we must invest more in cybersecurity, including advanced firewalls, intrusion detection systems, and staff cybersecurity training. With attackers integrating AI and machine learning for more advanced cyber threats, we need to be even more vigilant in how we approach our cybersecurity solutions. As educational technology and AI evolve, so will the landscape of cybersecurity challenges in K-12 public education."
— Tim Klan, administrator of information and instructional technology, Livonia Public Schools

Critical workforce shortages will impact cybersecurity and competitiveness.

"As we enter the new year, we must recognize and act on the fact that without a robust education system preparing youth for tech-driven fields, our national security and competitiveness are at risk. Critical workforce shortages in AI, quantum computing, and biotechnology highlight the urgent need to invest in STEM and computer science education. States like Indiana, Ohio, and Colorado are leading the charge, creating career-connected pathways for students into high-demand industries. Their efforts should serve as a model nationwide. And we need further investment in education R&D to fuel new innovations in career-connected learning and pathways. Investing in tomorrow's workforce is not just a priority — it's a necessity. It’s time for all federal, state, and district leaders to rise to the challenge this year and secure our technological leadership for generations to come."
— Sara Schapiro, executive director, Alliance for Learning Innovation

Educators, students, and decision-makers will need upskilling to develop and use trustworthy AI.

"In education, we expect the start of a shift from traditional AI tools to agents. In addition, the mainstream use of AI technology with ChatGPT and OpenAI has increased the potential risk of shadow AI (the use of non-approved public AI applications, potentially causing concerns about compromising sensitive information). These two phenomena highlight the importance of accountability, data and IT policies, as well as control of autonomous systems. This is key mostly for education providers, where we think there will be greater attention paid to the AI guardrails and process. To be prepared, educators, students, and decision-makers at all levels need to be upskilled in AI, with a focus on AI ethics and data management. If we invest in training the workforce now, they will be ready to responsibly develop and use AI and AI agents in a way that is trustworthy."
— Justina Nixon-Saintil, vice president and chief impact officer, IBM

E-Mail this page

Printable Format

Featured

Call for Entries: 2024 THE Journal Product Awards

The entry period for the 2024 THE Journal Product Awards is now open.
N.C. District to Build New K–12 Innovation Center

Edgecombe County Public Schools in Edgecombe, N.C., has received $62 million in government funding for the development of the new North Edgecombe School of Innovation, according to a news release.
Call for Opinions: 2025 Predictions for Education IT

How will the technology landscape in education change in the coming year? We're inviting our readership to weigh in with their predictions, wishes, or worries for 2025.
Microsoft Copilot Gains Actions Feature, New Agents in Latest Update

Microsoft has introduced new and enhanced features for Microsoft 365 Copilot, including Copilot Actions, new AI "agents," and a Copilot Control System.