Tackling the Cybersecurity Urgency Gap

Getting Real About K-12 Cybersecurity: Call to Action for All District Leaders edLeader Panel recording link

Blog post by Stacey Pusey based on this edLeader Panel

Even before the pandemic, schools increasingly depended on technology for instruction and building operations. With that came an increased threat to cybersecurity.

Yet, according to the new report, Creating a Common Culture of Action Around Cybersecurity: Results from the 2021 Project Tomorrow – iboss National K-12 Education Cybersecurity Report, less than 50% of administrators and tech leaders have a high level of concern about an attack. Presenters in the edLeader Panel, “Getting Real About K-12 Cybersecurity: Call to Action for All District Leaders,” discussed three key insights from the report and why urgency is overdue.

1. An effective cybersecurity plan must be rooted in a shared and realistic sense of concern, responsibility, and accountability within the district.

While administrators and tech leaders overall don’t have a high level of concern regarding cybersecurity, the majority of administrators below there is a moderate or low concern compared to tech leaders. Moreover, few leaders have a high awareness of cybersecurity needs and haven’t changed their views during the pandemic. In other words, despite the evidence of increased cybersecurity needs, school leadership doesn’t see it as a priority.

According to the presenters, there’s a disconnect because most district personnel see cybersecurity as a tech issue and not a district-wide problem. Parents also often undervalue the need for tech safety measures. What all constituent groups need is to understand the why.

Instead of one overall presentation about cybersecurity, tech leaders need to work with each group to help them understand how they impact cybersecurity and how a breach could harm them or the children. For instance, schools keep longitudinal records. So, a breach would not only compromise current student data but past data as well; a future breach could make student information vulnerable after they’ve graduated with things like credit scores.

2. The new technology dependence in K-12 education demands that district leaders re-assess their approach to the management of their technology assets, both human and digital.

While nearly 6 in 10 tech leaders say their staffing for cybersecurity is inadequate, they face obstacles to creating an effective cybersecurity culture. These include balancing the need for access to educational technology with the need for security, lack of technology expertise among teachers and administrators, and a current culture that is more reactive than proactive regarding security.

The first step, said the presenters, is to talk about cybersecurity at the beginning of every tech conversation. If a curriculum leader wants to use a new app, for example, explain to them the security rules of the school and share any concerns about the program. As tech staff open up to teachers about the process, the teachers themselves will start to investigate the security of programs before they even present them. Next, cybersecurity shouldn’t be an add-on job for the tech staff; there should be at least one person devoted to cybersecurity.

3. Cybersecurity preparation begins with an understanding of the need to walk the talk with increased funding to support both readiness and mitigation efforts.

As with many district needs, part of the problem is money. Cybersecurity can’t be improved if budgets don’t reflect the reality of the situation. In fact, although technology use exponentially increased in the 2020-21 school year, 47% of the respondents said that their budgets did not change.

The best course of action, remarked the presenters, is to conduct a cybersecurity risk assessment. Show the board and school leaders how vulnerable the school is—don’t try to pretty up the report or hide potential threats—and then explain what’s needed to address the risks. In addition, there should be school- and district-wide policies regarding cybersecurity, including accountability measures. And, of course, these need to be enforced.

There’s an urgency gap regarding cybersecurity. But school leaders need to remember that when tech is down, learning is down too. By creating a culture focused on awareness and action, districts can create practices and processes that protect the students and the schools.

Learn more about this edWeb broadcast, “Getting Real About K-12 Cybersecurity: Call to Action for All District Leaders,” sponsored by iboss and hosted by Project Tomorrow.

Watch the Recording Listen to the Podcast

Join the Community

Technology in Schools is a free professional learning community on edWeb.net where district administrators, school leaders, and all educators can share ideas, examples, and resources that relate to integrating technology effectively in schools.

ibossiboss is a cloud security company that provides fast and secure access to the Internet on any device, from any location, in the cloud. The iboss SASE Cloud Platform eliminates the need for traditional network security appliances, such as firewalls and web gateway proxies.


Project Tomorrow is a national nonprofit organization with a mission to ensure that today’s students are well-prepared to become tomorrow’s leaders, innovators and engaged citizens of the world. We support that mission with programs and research that focus on innovation and new learning models in the K-12 classroom, including through the effective use of technology.