New Report Reveals Critical Cybersecurity Insights in K-12 Schools

Districts say cybersecurity is their number one priority this year

EAST GREENBUSH, N.Y., November 20, 2023– For the second year, the Center for Internet Security, Inc. (CIS®) and the Multi-State Information Sharing and Analysis Center (MS-ISAC®) have released insights and analysis of the cybersecurity landscape in our nation’s K-12 public schools.

Who is this report for?

The 2023 CIS MS-ISAC K-12 Cybersecurity Report is intended for K-12 leaders, including superintendents, school boards, administrative staff, as well as IT leaders and cybersecurity practitioners. It offers valuable insights to inform the decision-making process regarding cyber risk and guides IT professionals on a path to greater cybersecurity protection for their districts.

Where did the data come from?

The report's data originates from the 2022-2023 school year, sourced from more than 4,600 K-12 public education institutions. This includes information from the 2022 Nationwide Cybersecurity Review (NCSR), direct data from the CIS Security Operations Center (SOC) and the CIS Cyber Threat Intelligence (CTI) Team, and information from the Consortium for School Networking (COSN) EdTech Survey.

Top Concerns:

  • 81% of districts say their top concern is insufficient funding.
  • 59% report concern over the increasing sophistication of threats.
  • 58% say they are concerned about the lack of documented cybersecurity processes.

Top Recommendations:

  • Join the no-cost MS-ISAC and K-12 Working Group.
  • Participate in the Nationwide Cybersecurity Review (NCSR) to assess cyber maturity.
  • Implement CIS Critical Security Controls.

“In the landscape of K-12 education, school leaders and IT professionals grapple with budget constraints, increasing ransomware threats, and a scarcity of cyber resources,” said Karen Sorady, CIS Vice President of MS-ISAC Strategy and Plans. “This report highlights those critical concerns, while also offering no-cost and low-cost solutions and specific actions that schools can take to secure a safer online environment for their students, families, teachers, and staff.”

“The 2023 CIS MS-ISAC K-12 Cybersecurity Report offers a detailed roadmap for K-12 schools, outlining specific measures that can be taken to enhance online safety and security. It provides actionable guidelines designed to protect the digital environment for students, their families, teachers and staff,” said Keith R. Krueger, CEO of CoSN.  “By following these steps, schools can strengthen their cybersecurity defenses, mitigate risks and ensure a safer online experience. This proactive approach not only addresses current cyber threats but also prepares the educational community for emerging challenges in the digital landscape.”

The full 2023 CIS MS-ISAC K-12 Cybersecurity Report is available here.

For media inquiries or interviews, please contact CIS Media Relations Manager, Kelly Wyland, at [email protected] or call/text 518-256-6978.


About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit or follow us on X: @CISecurity.