K-12 Schools: Make Cybersecurity a Priority

Adam Adler| June 3rd, 2025

Risk Management, Cybersecurity

Given that 82% of K-12 schools experienced a cyber incident between July 2023 and December 2024 (per a new Center for Internet Security report), you’re more likely than not to have been hit with a breach already. Is your school on the lucky side of that data point? It won’t be for long.

For any K-12 school, the question is not if but when you’ll experience a cyber incident. You can’t control the craftiness or prevalence of scammers, but you can do a lot to minimize the impact of their scheming.

Common Threats

We’ve long had reason to believe schools faced greater vulnerability to cyber attacks than other entities, and new research shows an especially widespread issue. As the report puts it, schools are “prime targets for cybercriminals.”

A number of factors contribute to the prevalence of cyber attacks in schools: the massive amount of data available, the impact a cyber event can make, and the hard truth that schools tend to be behind the curve when it comes to cybersecurity.

As a result, schools run into these cyber threats most often:

Ransomware attacks: Scammers encrypt a school’s data so that it becomes inaccessible and they can then demand a ransom.

Phishing and social engineering: A web user being tricked into sharing information or otherwise compromising data constitutes a social engineering attack; phishing is a subcategory wherein scammers pose as a trusted entity like a bank or government agency.

Data breaches: An unauthorized party gains access to a school’s confidential information.

Denial-of-service attacks: Legitimate users lose access to network resources or information services like email because a bad actor crashes the network.

Malvertisement: Malicious code injected into legitimate online advertising spreads malware to users who click the ads.

Exploiting the Human Element

A school environment is more likely than many other organizations to be collaborative and open, and that, too, makes schools vulnerable to cyber attacks. The report indicates a growing number of attacks within K-12 schools exploit a culture of trust by focusing on the human element.

Social engineering attacks including phishing are on the rise in schools. Staff members who have not been trained in cyber security often provide login information, for example, to someone posing as an IT team member or other expert within the school system.

If you trust your colleagues and have not been educated about red flags to watch out for, it makes sense that you’d be targeted by scammers. Training makes all the difference in preventing these kinds of attacks.

Support for Cyber Resilience

Scammers will continue to find vulnerabilities in schools and every other kind of organization, but you can make that hunt a lot harder for them. As the report puts it, “Schools that prioritize fostering environments where staff and faculty are empowered to be a key element of their cybersecurity defenses, equipping them with more than just security awareness training—through proactive cyber defense measures and strong partnerships—create a more resilient and adaptive security culture that can more effectively defend against evolving cyber threats.”

Our Cyber Risk Management Team helps schools build cyber resilience in the face of increasing scams. We build your strategy through a process that starts with understanding where you are today and identifying tools for meeting those challenges:

Conduct a cyber risk assessment. MJ will conduct a comprehensive cyber risk management review to assess and enhance your organization’s cyber resilience.

Identify vulnerabilities. MJ’s assessment highlights opportunities to enhance cyber risk management practices.

Pre-select cyber vendor partner. From our trusted, industry-leading cyber support vendors, we connect you with partners whose expertise aligns with your specific insurance coverage needs.

Prioritize opportunities for improvement. Based on the assessment’s results, we help you create a strategy around your cyber security program.

Assist with complex applications. We understand the insurance process can be overwhelming and complex, and we serve as your dedicated advocate to help ease your burden through the process.

Provide risk transfer support. We execute targeted insurance placement and tailor coverage terms and conditions to best align with your organization’s specific risk profile and needs.

Assist with post-breach claims. We are there every step of the way and provide critical guidance and support once a cyber event has happened. This support is paramount to the best outcome possible.

We’re here to help your school build a multifaceted strategy to strengthen cyber resilience. Rely on our experts to help prevent and reduce cyber claims with an approach that matches your school’s needs and concerns.