Following cuts to programs supporting cybersecurity in K-12 schools, the Consortium for School Networking’s petition to federal leaders in charge of allocations earned more than 400 signatures from districts nationwide.
Following recent federal budget cuts to key K-12 cybersecurity programs, school leaders across the U.S. are urging Washington to reverse course and bolster defenses against cyber threats. More than 400 school districts signed a petition this month calling on Congress and the White House to restore federal support for cybersecurity in schools.
The petition highlights the elimination of the U.S. Department of Education’s Office of Educational Technology (OET) and budget cuts at the Cybersecurity and Infrastructure Security Agency (CISA) that led to the removal of federal support for the Multi-State Information Sharing and Analysis Center (MS-ISAC). These changes, part of an overall effort at reducing the federal workforce, represent big losses in both funding and thought leadership for education technology and cybersecurity, the petition says.
“It hasn’t been well explained as to why we’re doing this, and I’ve yet to find a policymaker who thinks it’s a good idea to make school districts more vulnerable to lose student data or employee data,” Keith Krueger, CEO of the Consortium for School Networking, which organized the petition, said. “It’s penny wise and pound foolish.”
At the same time, a $10 million budget cut to CISA impacted services through MS-ISAC, a nonprofit program aimed at cultivating community and offering incident response services at no cost.
Due to the changes, districts will need to pay for cybersecurity services that were previously free and will lose thought leadership on best practices in a rapidly evolving landscape, Krueger said. Because most school budgets are predetermined, it will be difficult for schools to take on these additional costs.
Krueger said these cuts couldn’t have come at a worse time, as cyber attacks on schools are increasing in scale, severity and cost. Between July 2023 and December 2024, CISA tracked 9,300 confirmed cybersecurity incidents across 5,000 schools. The U.S. Government Accountability Office found that recovering from learning loss due to attacks took between three days and three weeks, and overall recovery time took two to nine months. Financially, losses can range from $50,000 to $1 million.
Without these supports, schools sometimes look to cyber insurance as a safety net, but Krueger said that’s not a long-term solution.
“The insurance carriers are realizing this is similar to offering hurricane insurance in Florida. No one really wants to be in that business because a lot is being paid out,” he said. “What we see in terms of cyber insurance premiums are increasing, deductibles are increasing, and there are just simply fewer insurance providers providing K-12 cyber insurance.”
Krueger said that in addition to raising premiums and deductibles, cyber insurance companies are rightfully requiring schools to have a stronger security posture to qualify for insurance. According to a CoSN survey between January and March 2025, 71 percent of districts said they experienced changes in their cyber insurance policy this year, and 59 percent of that group reported increased premiums while 22 percent reported an increase in their deductible.
LOOKING FORWARD: NO FEDERAL CHANGE YET
CoSN’s petition urges federal leadership to restore funding to CISA and re-staff the OET, as well as invest further in cybersecurity infrastructure. There has been no response following the petition’s release, and Krueger said depoliticization of the issue is necessary to reach its goals.
In the meantime, if the problem can’t be solved at a national level, state-level support for cybersecurity programs grows even more important, Krueger said. CoSN plans to release a report after Labor Day highlighting five states that enacted significant school cybersecurity measures.
However, Krueger said the national prevention efforts are the most cost-effective approach in the long run. Trying to secure more than 13,000 school districts without a nationwide strategy is not sustainable or scalable, he said.
MS-ISAC’s annual budget is about $30 million, according to Chair Terry Loftus.
“It’s such a modest amount [compared to the cost of incident response],” he said. “Either you’re going to pay on the front end, or you’re going to pay on the back end, and you pay a lot less for prevention than what you pay on recovery.”
Abby Sourwine is a staff writer for the Center for Digital Education. She has a bachelor’s degree in journalism from the University of Oregon and worked in local news before joining the e.Republic team. She is currently located in San Diego, California.
