The Growing Cybersecurity Crisis in K–12 Education

As ransomware attacks on schools skyrocket, one urgent question remains: Who is protecting our schools now that federal support is vanishing?

The shutdown of the U.S. Department of Education—paired with the Trump administration’s cuts to key cybersecurity programs at the Cybersecurity and Infrastructure Security Agency (CISA)—has created a dangerous vacuum in the fight to protect K–12 institutions. Funding for critical services provided through the Multi-State Information Sharing and Analysis Center (MS-ISAC) is being eliminated, and staffing at the Office of Educational Technology has been slashed.

Just when school districts need federal help the most, it’s being pulled away.

Schools Under Siege

Cyberattacks are no longer rare in education—they’re a daily threat. In 2023 alone, cyber incidents targeting K–12 schools jumped 65%, according to the K12 Security Information Exchange (K12 SIX). Ransomware has locked down school operations in cities like Los Angeles, Las Vegas, and Baltimore County. Student data has been stolen, classes canceled, and entire systems forced offline.

Small and rural districts, often lacking IT personnel and infrastructure, are especially vulnerable. In many cases, a single IT director is left to defend an entire district with limited tools and no backup.

These aren’t just technical disruptions. They are educational, financial, and emotional crises.

Federal Support—Gone

Until recently, schools could lean on CISA and MS-ISAC for free, expert support: real-time threat intelligence, 24/7 monitoring, incident response, and vulnerability scanning.

Now, those lifelines are disappearing.

Without federal coordination or funding, school districts are left to fend for themselves. Well-resourced districts may turn to private vendors—but most can’t afford that. The result is a cybersecurity landscape marked by inequity, fragmentation, and confusion.

Staffing cuts at the Office of Educational Technology also eliminate essential leadership and guidance at a time when schools need it most.

Do States and Local Governments Fill the Gap?

Sometimes—but not consistently.

A few states, like Texas and New York, have made cybersecurity for schools a priority. Others offer little more than recommendations. There’s no national standard. No baseline level of preparedness. No guaranteed resources.

Local governments often don’t have the capacity or funding to provide meaningful support. Most district IT teams juggle everything from Chromebooks to servers—while also defending against professional cybercriminals.

If a District Is Attacked—Who Do They Call?

That’s the most alarming part: No one knows.

With CISA and MS-ISAC support evaporating, schools have no clear point of contact during an attack. Some are left Googling private firms or calling state agencies with limited bandwidth. Others are forced to wait for consultants—if they can afford them.

Nonprofits like K12 SIX and CoSN offer valuable resources, but they can’t replace a federally coordinated response. The gap is widening, and the consequences are growing.

What This Means for Policy—and for Students

These federal cuts aren’t just a budgeting decision. They’re a failure to protect the core infrastructure of modern education.

Today’s classrooms run on tech. Student records, assessments, lesson plans, transportation systems, payroll—all of it relies on digital systems. A ransomware attack doesn’t just lock up files.

• It halts learning.
• It breaches trust.
• It puts students at risk.

If cybersecurity isn’t treated as a core component of school safety—on par with physical security—we’re setting up our schools to fail.

What Needs to Happen Now

We need bold, coordinated action. Immediately.

• Restore and expand federal cybersecurity funding for schools

• Reestablish a dedicated federal K–12 cybersecurity task force

• Create national cybersecurity standards for districts

• Ensure all schools have access to 24/7 threat detection and response

• Fund training for IT staff and cybersecurity awareness for educators

Cybersecurity is not optional. It’s not a tech department problem. It’s an education problem—and it’s everyone’s problem.

The question isn’t if your district will be targeted. It’s when. When that moment comes, we need to know if someone will answer the call.

Forbes Breaking News

Subscribe to edCircuit to stay up to date on all of our shows, podcasts, news, and thought leadership articles.