School Districts Fall Victim to Cybersecurity Threats Placing Millions of Students and Teachers at Risk

HERNDON, Va.--(BUSINESS WIRE)--The “State of K-12 Cybersecurity: Year in Review” report is a product of the Kindergarten Through Twelfth Grade Security Information Exchange (K12 SIX), based on data from the K-12 Cyber Incident Map, the definitive source of information about publicly disclosed cyber incidents affecting U.S. public schools and education agencies.

During the 2021 calendar year, the most recent K12 SIX report cataloged 166 publicly-disclosed cyber incidents affecting 162 school districts across 38 states. For the first time ever, ransomware represented the most frequently disclosed incident type. Ransomware attacks against schools during 2021 commonly resulted in school closures with unbudgeted remediation and recovery costs ranging from hundreds of thousands to many millions of dollars.

Data breaches represent the second most common incident type tracked. As in previous years of the report, most data breaches involved confidential information of current and former students and—to a lesser degree—teachers and other staff. The most significant vector for data breaches were school vendors and suppliers. In fact, since 2016, 55% of all publicly-disclosed K-12 data breaches have been the result of compromised vendors.

This “State of K-12 Cybersecurity: Year in Review” report is the fourth in an annual series designed to shed light on cybersecurity incident trends in the U.S. K-12 public education sector, based on a data source that the U.S. Government Accountability Office (GAO) found to be the “most complete resource that tracks K-12 cybersecurity incidents, including student data breaches.”

Since 2016, this research effort has identified a total of 1,331 publicly disclosed school cyber incidents across a wide array of incident types, including:

• Student data breaches
• Data breaches involving teachers and school community members
• Ransomware attacks
• Business email compromise (BEC) scams
• Denial of service (DoS) attacks
• Website and social media defacement
• Online class and school meeting invasions
• Other incidents

Averaged over the last six years, this equates to a rate of more than one publicly reported K-12 cyber incident being experienced by the nation’s schools per school day, with the estimate of the actual number of incidents many times that amount.

For more data and analysis on cyberattacks against K-12 schools, download the report. The document also offers concrete recommendations school districts can take to improve their security, including by leveraging information sharing, implementing baseline security controls, and by improving the vetting of vendors and suppliers.

About K12 SIX
Kindergarten Through Twelfth Grade Security Information Exchange (K12 SIX) is a cyber and physical threat information sharing hub for school districts, to aid in preventing and mitigating attacks. This non-profit member community is a cost-effective forum for crowdsourcing security information among a vetted, trusted group of professionals with a common interest, using common technology and with supporting, independent analysis from the K12 SIX security staff. Visit www.K12SIX.org to learn more. K12 SIX is a member of the Global Resilience Federation multisector network of information sharing communities.