Cybersecurity Outlook

Quarter of K–12 Admins Surveyed Reported a Cyber Incident in Past Year

Clever Research Shows Differences Among Teachers, Administrators on Vulnerabilities, Needs, Spending Plans

In a recent survey conducted by single sign-on provider Clever, 25% of administrators responding said their district had experienced a hack, phishing incident, data breach, or other cyberattack in the past year.

Clever’s new report, “Cybersecure 2023: The State of Data Security and Privacy in K–12 Schools,” shares results from its survey of nearly 4,000 U.S. school administrators and educators, conducted in October 2022. The research was conducted by Whiteboard Advisors.

The respondents included more than 800 administrators, including those with ed tech or instructional tech roles; over 3,000 teachers from all grade levels, according to Clever’s report.

The survey reveals that teachers underestimate cyber risks when compared to administrators and overestimate the potential vulnerabilities posed by students and staff.

“Only 11% of teachers surveyed said they thought a cyberattack on a school near them would be ‘very likely,’ while 25% of administrators said that their district had already experienced a cyberattack in the past year,” the report said.

Of those administrators reporting their district had experienced some type of cyber incident in the past year, two-thirds cited phishing attacks targeting staff email.

Graphic from Clever Cybersecure 2023 report on types of incidents reported by K-12 respondents

On their views of biggest vulnerabilities, 67% of teachers responding to the survey said they consider students as the biggest risk for a security incident, with teachers representing the second-biggest risk according to respondents.

Just 6% of teachers ranked administrators or technology staff as posing the biggest potential cybersecurity risk.

Administrators, on the other hand, reported a “more diffuse sense of the potential risk,” Clever said. Administrators responding to the survey were three times more likely than teachers to assign cybersecurity risk to administrators.

Graphic from Clever Cybersecure 2023 report on K-12 educators' thoughts on vulnerabilities

Similarly, when asked about data privacy, administrators were five times more likely than teachers to “believe their peers in administration are the biggest vulnerability,” the report said. They were also far more likely than teachers to report a belief that their ed tech vendors pose a risk to student data privacy.

When asked about their cybersecurity posture and readiness, more than half of administrators, or 63%, and 53% of teachers said they feel their districts were prepared for digital security challenges. Nearly all the teachers responding (91%) said they were “very confident” in their knowledge of their schools’ acceptable use policy, 90% were “very confident” in their knowledge of student data confidentiality practices, and 89% were “very confident”’ in their understanding of the importance of good password management.

Teachers and administrators both responded that devices were the “most vulnerable part of their technology infrastructure,” but administrators reported other potential risks, too: Administrators were twice as concerned as teachers about vulnerabilities from curriculum and instruction software, and four times as concerned about risks posed by administrative platforms such as an LMS or SIS.

Graphic from Clever Cybersecure 2023 report on educators' beliefs about technical infrastructure vulnerabilities

Since the pandemic-era explosion in the use of digital learning tools, over half of administrators responding reported an increase in staff training and informal conversations about digital security. Yet only 25% of teachers responding said they had experienced more additional training. Two-thirds of teachers surveyed reported they wanted to learn more about topics related to data privacy and security.

graphic from Clever Cybersecure 2023 report on educators' reported interest in additional digital security training

In looking ahead at digital security needs, plans, and spending, three of four districts responding said they planned to increase their spending on security and privacy over the next two to three years, according to Clever’s report.

  • 51% of districts responding said they've used federal stimulus funding to support student data privacy and/or cybersecurity during the pandemic.
  • 77% of administrators responding said they expect their district's spending on digital security to increase over the next two to three years, which includes the 12% of respondents that answered "it will increase significantly."
  • 18% of administrators said digital security spending will not change.
  • 4% answered "it will decrease," and 1% said "it will decrease significantly."

Read more or download the full survey report at

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].