3 in 4 Administrators Expect a Security Incident to Impact Their School This Year

In an annual survey from education identity platform Clever, 74% of administrators admitted that they believe a security incident is likely to impact their school system in the coming year. That's up from 71% who said the same last year. Notably, the number of respondents reporting cyber attacks also increased: 36% in this year's survey compared to 31% last year.

For its Cybersecure 2025 Report, Clever surveyed more than 500 school administrators across the United States in Q4 2024 to get their perspective on the state of cybersecurity in K-12 education. About 52% of respondents had IT leadership roles, including director of IT, chief information officer, chief technology, and IT manager. Just 1.5% of respondents held a cybersecurity specialist role, perhaps reflecting a pervasive lack of cybersecurity resources in the field. In fact, respondents ranked cybersecurity staffing shortages as their biggest challenge (cited by 37%, compared to 32% last year), with budget constraints the second most pressing issue (cited by 23%).

Other key findings include:

  • Only 5% of students have multi-factor authentication protection, compared to 90% of teachers and 95% of IT staff.
  • 1 in 4 school systems report an increase in cyber attacks targeting student accounts.
  • Just 24% of respondents feel "very confident" in their ability to protect student digital identities.
  • 70% of respondents believe AI is increasing cybersecurity risks.
  • 46% of school systems have some kind of process for evaluating AI in ed tech products, but only 9% have established formal vetting procedures.
  • More than half of respondents (53%) said their cybersecurity spending is insufficient to meet demands.

The report offers the following recommendations for schools and districts:

  • Prioritize student account protection, as students are prime targets for cyber attacks;
  • Modernize identity and access management by implementing a zero-trust security model supported by automated identity and access management tools;
  • Choose security solutions that reduce reliance on devices (which are often restricted for students) for multi-factor authentication; and
  • Partner with vendors, state agencies, and the ed tech community to create a transparent, effective cybersecurity ecosystem.

The full report is available on the Clever site (registration required).

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured