CIS Study Finds 82% of K-12 Organizations Experienced Cyber Threat Impacts in the Past 18 Months

A new report from the Center for Internet Security highlights the increasing sophistication, frequency, and impact of cyber attacks against K-12 schools. The 18-month study collected data from more than 4,600 schools and districts, including responses to CIS's 2023 and 2024 Nationwide Cybersecurity Review, MS-ISAC member feedback, services data, direct reporting data from the CIS Security Operations Center, data from CIS Cyber Incident Response Team engagements, and threat data from the CIS Cyber Threat Intelligence Team.  

Eighty-two percent of reporting K-12 organizations said they had experienced cyber incidents in the past 18 months. Nearly 14,000 security events were observed, with 9,300 confirmed incidents. Notably, attacks surged during high-stakes periods like the beginning of the school year or exams — times when restoring services is most critical. "The timing of attacks may demonstrate increasing sophistication of cybercriminals and a move toward strategic targeting K-12 organizations during the academic calendar's pressure points," the report said.

Attacks targeting human behavior exceeded other techniques (such as exploiting technical vulnerabilities) by at least 45%. Malvertisement — using deceptive ads to lead users to malware or phishing scams — was the top malware infection vector, representing 63% of attack methods. "The trend toward attacks that target human vulnerabilities highlights the adaptability of threat actors, who are now exploiting the inherently supportive and trusting characteristics of educational settings," the report noted. "Teachers, administrators, and support staff, whose primary focus is helping students succeed, now find themselves on the front lines of cybersecurity defense."

The report's cybersecurity recommendations reflect the importance of the human element. In addition to implementing technical controls and frameworks, institutions must empower users, boost security awareness, and foster community resilience, the report emphasized.

"Our research shows that K-12 organizations can achieve significantly better security outcomes when they … foster an environment where every individual understands their vital role in protecting their school community," the report asserted. "While cybersecurity measures often focus on the technical aspects of securing the environment, integrating a human-first approach to security mirrors what K-12 organizations are already doing to address types of threats such as tornadoes or fires. K-12 organizations should develop environments where everyone who accesses the network — from administrators to substitute teachers — feels they are a crucial part of the security team."

The full report is openly available on the CIS site

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • student and teacher using AI-enabled laptops, with rising arrows on a graph

    Research: Student and Teacher AI Use Jumps Nearly 30% in One Year

    In a survey from learning platform Quizlet, 85% of high school and college students and teachers said they use AI technology, compared to 66% in 2024 — a 29% increase year over year.

  • laptop with AI symbol on screen

    Google Launches Lightweight Gemma 3n, Expanding Emphasis on Edge AI

    Google DeepMind has officially launched Gemma 3n, the latest version of its lightweight generative AI model designed specifically for mobile and edge devices — a move that reinforces the company's focus on on-device computing.

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • students raising their hands and participating in a classroom discussion

    Report Explores Link Between Student Engagement and Learning

    Over 90% of teachers, principals, and superintendents agree that student engagement is a critical metric for understanding overall achievement, according to a new survey report from Discovery Education.