Public K-12 education agencies across the country experienced a total of 348 cybersecurity incidents during calendar year 2019, says a report from the K-12 Cybersecurity Resource Center.
The State of K-12 Cybersecurity: 2019 Year in Review, said many of the incidents were significant, resulting in the theft of millions of taxpayer dollars, stolen identities, and the denial of access to school technology and IT systems for weeks or longer.
Student and educator data breaches were the most commonly experienced type of incident in 2019. Over half of these were due to the actions of insiders to the school community, including edtech vendors and other third-party partners. The next most frequent type of cyber incident experienced by schools during 2019 was ransomware, mirroring the experiences of other local government agencies.
Data for the report is drawn from publicly disclosed incidents cataloged on the K-12 Cyber Incident Map. The map and underlying database capture detailed information about two inter-related issues:
- publicly disclosed cybersecurity incidents affecting public K-12 schools, districts, charter schools, and other public education agencies (such as regional and state education agencies) in the 50 states and DC, and
- the characteristics of public school districts (including charter schools) that have experienced one or more publicly disclosed cybersecurity incidents.
Since 2016, the K-12 Cyber Incident Map has documented more than 775 publicly disclosed incidents affecting students and educators across the country and grown to become the definitive source of K-12 cyber incident data.
“There are important steps policymakers, IT leaders, and educators can collectively take to help mitigate the cyber risks facing school districts,” said Douglas A. Levin, president of EdTech Strategies and report author. “These include investing in greater K-12 IT security capacity, mandating baseline K-12 cybersecurity risk management practices via regulation, and supporting enhanced information sharing and research.”
The publication of the report was made possible with the support of Technology Resource Advisors and other sponsors.