Skip to main content

The State of K-12 Cybersecurity: 2019 Year in Review

Cross-posted on the EdTech Strategies blog:

According to a report released today by the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2019 Year in Review, public K-12 education agencies across the country experienced a total of 348 cybersecurity incidents during calendar year 2019. This is nearly 3 times as many incidents as were publicly-disclosed during 2018. Many of these incidents were significant, resulting in the theft of millions of taxpayer dollars, stolen identities, and the denial of access to school technology and IT systems for weeks or longer.

Student and educator data breaches were the most commonly experienced type of incident in 2019. Over half of these were due to the actions of insiders to the school community, including edtech vendors and other third-party partners. The next most frequent type of cyber incident experienced by schools during 2019 was ransomware, mirroring the experiences of other local government agencies.

Data for the report is drawn from publicly disclosed incidents cataloged on the K-12 Cyber Incident Map. The map and underlying database capture detailed information about two inter-related issues:

  • publicly disclosed cybersecurity incidents affecting public K-12 schools, districts, charter schools, and other public education agencies (such as regional and state education agencies) in the 50 states and DC, and
  • the characteristics of public school districts (including charter schools) that have experienced one or more publicly disclosed cybersecurity incidents.

The K-12 Cyber Incident Map has identified over 775 school cybersecurity incidents since 2016.

The K-12 Cyber Incident Map has identified over 775 school cybersecurity incidents since 2016.

Since 2016, the K-12 Cyber Incident Map has documented over 775 publicly disclosed incidents affecting students and educators across the country and grown to become the definitive source of K-12 cyber incident data.

A webinar (co-hosted by EdTech Strategies and Global Resilience Federation) is scheduled for March 5 to share findings from this report and announce a new, non-profit cooperative intelligence exchange. To register – and for more details – visit:

To view the report, please visit:

For news and updates about K-12-specific cybersecurity issues and incidents – as well as to be notified of new resources such as this report – be sure to sign up for the newsletter of the K-12 Cybersecurity Resource Center and follow @K12CyberMap.


Similar posts