A new report from the Consortium for School Networking (CoSN) has found that policymakers are showing increased interest and understanding of cybersecurity threats that schools are facing.
The newly released 2023 Education Cybersecurity Policy Developments report inventories state and Federal education cybersecurity bills and laws that emerged in 2023. CoSN found that since 2020 there has been a 25 percent increase in the number of education cybersecurity bills introduced by state legislators. And the number of new related laws adopted by states surged by 620 percent.
“Policymakers increasingly understand that K-12 education is under siege from cyber threats. School systems hold a vast amount of sensitive information about students and staff that cybercriminals can exploit, and it is imperative for both states and the federal government to enhance their efforts to secure educational networks and data,” said Keith R. Krueger, CEO of CoSN.
Specifically, the report found that legislators in 42 states introduced 307 cybersecurity bills with direct or indirect focus on the education sector in 2023 compared to 232 similar bills that were introduced in 2022, 170 bills in 2021, and 87 such bills in 2020.
In terms of successful legislation, in 2023,governors signed 75 new cybersecurity laws in 33 states with education implications. CoSN said this represents a significant increase from previous years, when governors signed 37 bills in 2022, 49 in 2021, and ten in 2020. The report notes that legislation in 2023 largely sought policy revisions that applied to all state and local government rather than specifically focusing on school districts.
On the Federal level, the report found that legislators introduced five cybersecurity bills with an education focus.
The report also highlighted noteworthy policy developments in 2023, including:
- Cyber Risk Insurance Funds: States have undertaken the creation of cyber risk insurance funds aimed at mitigating the escalating insurance costs faced by school districts.
- Regional Alliances and Partnerships: Efforts to establish and reinforce regional alliances and multistakeholder partnerships to foster information sharing and collaborative responses to cyberattacks are gaining momentum.
- Cybersecurity Workforce Expansion: Initiatives such as scholarship programs have been launched to address the shortage of adequately trained cybersecurity experts.
- Governance Enhancement: Governance structures are being improved to consolidate responsibility and establish robust prevention and response mechanisms across agencies.
- Cybersecurity Task Forces: The establishment of task forces and similar structures is being pursued to comprehensively study the cybersecurity landscape, including exploring the intersection of artificial intelligence and cybersecurity.