A U.S. school district becomes the victim of a cyberattack almost as often as every three days, according to a report.

Last year, public K-12 education institutions experienced 122 known cybersecurity incidents, ranging from data breaches to phishing scams and ransomware attacks, says “The State of K-12 Cybersecurity: 2018 Year in Review.”

Many of the incidents were significant, resulting in the theft of millions of tax payer dollars, stolen identities, tax fraud, and altered school records. “Public schools are increasingly relying on technology for teaching, learning, and school operations,” said Douglas A. Levin, president of EdTech Strategies and report author. “It should hardly be surprising, therefore, that they are experiencing the same types of data breaches and cybersecurity incidents that have plagued even the most advanced and well-resourced corporations and government agencies.”

Data for the 2018 report is drawn from publicly-disclosed incidents – including data breaches, phishing attacks, ransomware and other malware incidents, and denial of service attacks – cataloged on the K-12 Cyber Incident Map. The Map and underlying database captures detailed information about two inter-related issues:

  • publicly disclosed cybersecurity incidents affecting public K-12 schools, districts, charter schools, and other public education agencies (such as regional and state agencies), especially those that occur on K-12 managed networks and devices, and
  • the characteristics of public school districts (including charter schools) that have experienced one or more publicly disclosed cybersecurity incidents.

Since 2016, the K-12 Cyber Incident Map has documented more than 415 publicly disclosed incidents, which equates to a rate of about one new publicly-reported incident every three days.

Ultimately, said Levin, the goal of policymakers, technologists, and school leaders must be to reduce and better manage the cybersecurity risks facing increasingly technologically-dependent schools. “But make no mistake: keeping K-12 schools ‘cyber secure’ is a wicked problem – one that is assured to get worse until we take meaningful steps to address it,” said Levin. “This report and the ongoing work of the K-12 Cybersecurity Resource Center are only small, but necessary steps in a much longer journey.”