K-12 Cybersecurity Spending, Insurance on the Rise

While school districts have a heightened awareness of cyber attacks and are increasingly improving their defense systems, most indicate that they still need dedicated personnel to better protect their data in addition to stronger collaboration from staff, according to an annual survey by the school software company Clever.

Clever’s 27-page report, released this week and assessing “the intersection of people, partnerships and technology” regarding K-12 cybersecurity for 2024, was based on survey findings from more than 800 K-12 administrators across the U.S. who were interviewed between October and December 2023.

According to the report, 73 percent of administrators said they planned to increase spending on data protection measures in the next two to three years — about 4 percent less than the proportion who predicted more digital security spending in Clever’s report last year. Ninety-six percent of respondents said cybersecurity should be a collaborative effort between IT, school leaders and staff; however, 55 percent noted that their district holds the IT department primarily responsible for cybersecurity.

“Ultimately, cybersecurity is about more than tools — it’s about people,” the reports said. “By approaching security as a team effort spanning IT, staff, teachers and beyond, schools can ensure classrooms are safeguarded amidst growing threats.”

The report also noted:

• 73 percent of districts reported a security incident in the past 12 months, and 10 percent were attacked by ransomware.
• 82 percent of surveyed districts have cybersecurity insurance or plan to acquire it.
• 69 percent of respondents said their cybersecurity insurance policy included requirements for multifactor authentication (MFA), 42 percent said theirs mandated cybersecurity training, and 40 percent said theirs mandated incident response planning.
• 33 percent of administrators reported negative feedback from teachers regarding MFA.
• More than 90 percent of respondents had adopted single sign-on technology (one set of login credentials to access multiple applications) or planned to do so within the next two years.
• 89 percent of districts are mulling over new cybersecurity technologies, including stronger data encryption measures and zero-trust security architecture models.
• More than half of respondents complained that their district was not spending enough on data protection efforts.

The report said MFA appears to be a work in progress. While 55 percent of surveyed administrators said their districts had either already approved it or planned to within two years, only 16 percent had fully implemented the security measure for all users and applications. Mobile apps or phone text messages are the favored second-factor methods with MFA, but that could be difficult in schools where not every student has a phone, or where phones are not allowed in classrooms.

“Despite widespread acceptance of MFA’s value, district-wide deployments are scarce, stalled by friction from usability issues which complicate broad rollouts,” the report said.

The release of this report follows a nationwide cybersecurity incident in which Raptor Technologies, a software company that makes attendance and emergency preparedness tools for schools, left a database unsecured, exposing 4 million school safety records to the public that contained personal data on an unknown number of students, teachers and parents. The exposed data was discovered by a cybersecurity researcher in December. Raptor acknowledged the breach, secured the database and initially indicated there was no evidence that other unauthorized parties had accessed the information in question, according to a Jan. 18 news release.