Majority of Districts Lack Dedicated Cybersecurity Funding
According to a recent CoSN survey, most school districts (61%) do not have dedicated funding to keep networks and data secure, instead relying on general funds to pay for cybersecurity efforts. For its 2025 State of EdTech District Leadership report, the association polled 645 ed tech leaders across the United States about evolving cybersecurity measures and other issues faced by today's schools and districts.
Thirteen percent of respondents said they use district dedicated funds for cybersecurity; 9% cited federal funding sources, and 7% look to "other" sources to pay for district cybersecurity measures.
What are those funds being spent on? More than three-quarters of respondents (78%) said they are investing in cybersecurity monitoring, detection, and response tactics. Other areas of spending include:
- Endpoint protection (cited by 65% of respondents);
- Advanced/next-generation firewall (57%); and
- Identity protection and authentication (57%).
Surprisingly, respondents' perception of various cyber risks was low, the report found. While phishing scams were rated as high-risk by 27% of respondents, unauthorized disclosure of student data and ransomware attacks were each perceived as high-risk by just 13%. Identity theft came in at 10%, and malware and DDoS attacks each came in at 7%.
"These risk assessments do not appear take into account the value of K-12 student data to cyber criminals," the report warned. "Risks are very high considering the data security incidents experienced by better-funded, better-resourced public and business sector organizations. With current federal policy changes and the funding cuts to the Multi-State Information Sharing and Analysis Center (MS-ISAC) which had provided cybersecurity training at no cost, cybersecurity risks for districts are poised to increase."
Still, the vast majority of respondents (94%) said their district has plans in place to improve their data privacy practices. Areas of focus include:
- Data security: protecting the confidentiality of student data across all media and auditing regularly (cited by 71% of respondents);
- Professional development: privacy and security training for all staff and related resources for parents (64%);
- Business: vetting processes and data protection agreements for third parties receiving student data (44%);
- Leadership: guidance and resources to direct transparent use and governance of student data (41%); and
- Classroom: building privacy knowledge while advancing curricular goals (36%).
In fact, districts are increasingly adopting processes to vet free ed tech tools before integrating them into teaching and learning:
- 69% require review by IT, up from 60% in 2023;
- 59% utilize an "approved" apps list, compared to 42% in 2023;
- 56% have an established process for adding apps to the "approved" list, compared to 40% in 2023;
- 39% have a designated person in place to approve free apps, compared to 30% in 2023; and
- 23% review all license renewals at the school level, up slightly from 22% in 2023.
The full report is available on the CoSN site here.
About the Author
Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].