A new report published by the non-profit K12 Security Information Exchange (K12 SIX) finds that while the number of publicly-disclosed cyber incidents at K-12 schools decreased in 2021, the actual number is “surely bleaker,” emphasizing the need for more and better information sharing about K-12 cyber incidents.

The “State of K-12 Cybersecurity: Year in Review” report found the K-12 Cyber Incident Map cataloged a total of 166 school incidents in 2021, affecting schools in 162 school districts across 38 states. Those figures represent a decrease in publicly-disclosed cyber incidents compared to the prior two years.

The report also finds that for the first time ever, ransomware attacks were the most frequently disclosed incident type, with 62 instances of U.S. public K-12 school districts being victimized by ransomware.

However, “anecdotal evidence suggests perhaps 10 to 20 times more K-12 cyber incidents go undisclosed every year,” leading K12 SIX to believe this data “dramatically understates the scope of the issues facing K-12 schools.”

“The lack of more robust K-12 cyber incident public disclosure requirements only serves to obscure the realities of school district and vendor operations from those charged with oversight, and to place school community members at unnecessary risk,” the report says. “As such, the smaller number of incidents reported during 2021 may instead reflect a concerning shift away from public disclosure, undermining the ability of independent researchers – and the policymakers and school system leaders who rely on their work – to accurately assess trends and issues.”

In order to mitigate the rising number of school cybersecurity risks, the report recommends “more and better information sharing about K-12 cyber incidents.”

Many school district leaders have gone out of their way to hide cyber incidents and not share that information with stakeholders, but the report explains that there are actually multiple benefits in disclosure.

Such of those benefits include:

  • Assisting law enforcement in identifying and prosecuting criminals;
  • Facilitating research to inform policy decision making and the development of K-12 specific cybersecurity guidance and tools;
  • Allowing other school districts to take proactive measures to defend themselves from copycat incidents; and
  • Allowing school community members to take steps to protect themselves in a timely manner when they may be at heightened risk personally due to an incident.
Read More About
Grace Dille
Grace Dille
Grace Dille is MeriTalk SLG's Staff Reporter covering the intersection of government and technology.