One in 3 school districts ranked lack of dedicated cybersecurity personnel as their top challenge in safeguarding schools, according to Cybersecure 2024, an annual survey from Clever that polls school administrators and offers an in-depth look at the state of cybersecurity across the U.S. K-12 landscape.
The survey of over 800 administrators, conducted in fall of 2023, illuminates the challenges and opportunities for schools in strengthening cybersecurity.
The results are in line with similar findings from CoSN that many district leaders lack sufficient cybersecurity resources and face budget constraints. In fact, 50 percent of districts also reported wanting to spend more on cybersecurity than they currently do, underscoring the growing need for investments and preparation. This need is evidenced by one district’s experience with a major ransomware attack:
“Our collaborative stance on cybersecurity was strengthened by experiencing a major ransomware attack, said Christy Fisher, chief technology officer with Norman Public Schools. “It emphasized the need for cybersecurity insurance and the critical role of cross-departmental cooperation in negotiating and understanding the financial aspects of cyber risk.”
Moreover, while 96 percent of administrators reported cybersecurity as something that should be a collaborative effort, only 17 percent reported their strategies truly reflect this team-based approach. As evidenced by these findings, cybersecurity must involve all staff – from IT staff to individual employees – in awareness, training and prevention efforts to create a culture of shared data/system protection responsibility.
Other key findings from the report, which features perspectives from more than 800 administrators, include:
- Growing cybersecurity threats: Phishing and ransomware are identified as the biggest threats, with 80 percent of administrators concerned about phishing attacks.
- New cybersecurity tools: 89 percent of districts want to adopt new tech tools to enhance protection, with a focus on identity and access management systems, data encryption, and zero-trust security models.
- Increasing vendor scrutiny: Half of U.S. districts have updated vendor security criteria in the past 2 years; 55 percent are planning more changes in the year ahead.
The report also provides practical recommendations for districts, including emphasizing user-friendly cybersecurity tools, establishing clear criteria for evaluating and selecting edtech vendors and partners, and mobilizing mindshare around cybersecurity by training all staff roles.
In response to the report findings, Trish Sparks, CEO of Clever, underscored the people-first aspect of cybersecurity: “It’s not just about technology — it’s about people too. To keep schools safe, everyone involved—tech providers, admins, and teachers—needs to know cybersecurity best practices. Tools like MFA must be easy to use, making it more likely for everyone to use them and keep schools secure.”
This press release originally appeared online.