CIS Study Finds 82% of K-12 Organizations Experienced Cyber Threat Impacts in the Past 18 Months

A new report from the Center for Internet Security highlights the increasing sophistication, frequency, and impact of cyber attacks against K-12 schools. The 18-month study collected data from more than 4,600 schools and districts, including responses to CIS's 2023 and 2024 Nationwide Cybersecurity Review, MS-ISAC member feedback, services data, direct reporting data from the CIS Security Operations Center, data from CIS Cyber Incident Response Team engagements, and threat data from the CIS Cyber Threat Intelligence Team.  

Eighty-two percent of reporting K-12 organizations said they had experienced cyber incidents in the past 18 months. Nearly 14,000 security events were observed, with 9,300 confirmed incidents. Notably, attacks surged during high-stakes periods like the beginning of the school year or exams — times when restoring services is most critical. "The timing of attacks may demonstrate increasing sophistication of cybercriminals and a move toward strategic targeting K-12 organizations during the academic calendar's pressure points," the report said.

Attacks targeting human behavior exceeded other techniques (such as exploiting technical vulnerabilities) by at least 45%. Malvertisement — using deceptive ads to lead users to malware or phishing scams — was the top malware infection vector, representing 63% of attack methods. "The trend toward attacks that target human vulnerabilities highlights the adaptability of threat actors, who are now exploiting the inherently supportive and trusting characteristics of educational settings," the report noted. "Teachers, administrators, and support staff, whose primary focus is helping students succeed, now find themselves on the front lines of cybersecurity defense."

The report's cybersecurity recommendations reflect the importance of the human element. In addition to implementing technical controls and frameworks, institutions must empower users, boost security awareness, and foster community resilience, the report emphasized.

"Our research shows that K-12 organizations can achieve significantly better security outcomes when they … foster an environment where every individual understands their vital role in protecting their school community," the report asserted. "While cybersecurity measures often focus on the technical aspects of securing the environment, integrating a human-first approach to security mirrors what K-12 organizations are already doing to address types of threats such as tornadoes or fires. K-12 organizations should develop environments where everyone who accesses the network — from administrators to substitute teachers — feels they are a crucial part of the security team."

The full report is openly available on the CIS site

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  •  laptop on a clean desk with digital padlock icon on the screen

    Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • chart with ascending bars and two silhouetted figures observing it, set against a light background with blue and purple tones

    Report: Enterprises Are Embracing Agentic AI

    According to a new report from SnapLogic, 50% of enterprises are already deploying AI agents, and another 32% plan to do so within the next 12 months..

  • stacks of glowing digital documents with circuit patterns and data streams

    Mistral AI Intros Advanced AI-Powered OCR

    French AI startup Mistral AI has announced Mistral OCR, an advanced optical character recognition (OCR) API designed to convert printed and scanned documents into digital files with "unprecedented accuracy."

  • student using a tablet with math symbols dissolving into a glowing AI

    Survey: Students Say AI Use Can Reduce Math Anxiety

    In a recent survey, 56% of high school students said that the use of artificial intelligence can go a long way toward reducing math anxiety.