K-12 Cybersecurity 2018 Year in Review

Part IV: School Districts Experiencing Cybersecurity Incidents: 2018


During calendar year 2018, the K-12 Cyber Incident Map cataloged 122 publicly-disclosed cybersecurity incidents affecting 119 public K-12 education agencies across 38 states. Of these, all but seven occurred in regular school districts or charter schools. Two incidents were attributed to state education agencies (in North Dakota [1] and Pennsylvania), one involved a state virtual school (Florida), and the remainder involved regional or special LEAs (local education authorities) serving school districts in their respective states. Moreover, two school districts – Chicago Public Schools and Mt. Diablo (CA) Unified School District – were reported to have experienced more than one cybersecurity incident during calendar year 2018. [2]

What do we know about the characteristics of school districts affected by cybersecurity incidents? Are there certain attributes that make some districts more likely to experience an incident than others? Data assembled for the K-12 Cyber Incident Map are instructive. [3]


First, cybersecurity incidents do not seem to discriminate by community type or school district location. While nearly 40 percent of all 2018 incidents affecting school districts were located in suburban communities, significant numbers of school districts impacted by cybersecurity incidents could be found in cities, towns, and rural communities. Affected school districts and charters can be found from coast-to-coast, from the Florida Keys to Anchorage, Alaska. Slightly fewer incidents were disclosed in the central region of the United States (16 percent), especially as compared to schools in the west (30 percent), although the reasons for this are unclear.

K-12 cybersecurity incidents also did not discriminate by school district size. Over 25 percent of all incidents affected districts and charter schools enrolling fewer than 2,500 students. One third affected districts enrolling between 2,500 and 9,999 students, and the remainder affected districts enrolling larger numbers of students. Of note, not even the largest school districts in the nation were spared from cyber incidents, with greater than 5 percent of incidents affecting districts enrolling 100,000 or more students.

Finally, data about school districts affected by a cybersecurity incident in 2018 suggest a relationship with the poverty of the school community: school districts serving fewer students in poverty were more likely to report a cyber incident in 2018 than districts serving poorer communities. During 2018, nearly 70 percent of incidents affected relatively lower poverty districts (serving less than 20 percent of students in poverty). In contrast, only about 5 percent of incidents affected school districts with a student population of greater than 30 percent in poverty. What might this finding (coupled with a slight proclivity for incidents to occur in suburban communities) suggest about the cybersecurity risks facing K-12 schools during 2018? One plausible hypothesis is that wealthier school communities may be relying on more technology than other district types and hence are exposed to greater risks. The finding may also be an artifact of how cyber incidents are disclosed and identified for publication on the K-12 Cyber Incident Map. Clearly, further research is warranted.

^^ Home  <<Part III: Cybersecurity Incidents: 2018   …   Part V: Lessons for 2019 and Beyond  >>


[1] See “After one-third of North Dakota schools get hacked by foreign entities, state superintendent addresses attack with cyber security standards.” Given that available public reports did not allow attribution to specific school districts, it was attributed instead to the state education agency.

[2] School districts that have experienced more than one publicly-disclosed cyber incident since 2016 are reported here.

[3] Interacting with the pie charts on this page will reveal greater details about the characteristics of public school districts and charter schools that have experienced one or more cyber incidents during calendar year 2018.

The publication of the 2018 report was made possible with the generous support of Core BTSManaged Methods, and PC Matic PRO.