New MS-ISAC Report Details Cybersecurity Challenges of K-12 Schools

EAST GREENBUSH, N.Y., Nov. 14, 2022 /PRNewswire/ — The Multi-State Information Sharing and Analysis Center® (MS-ISAC®), part of the Center for Internet Security (CIS), released a new report Monday detailing the cybersecurity challenges faced by K-12 schools along with steps they can take to improve their cyber defenses.

The K-12 Report uncovers findings on cybersecurity preparedness and threats from the 2021 Nationwide Cybersecurity Review (NCSR), along with the MS-ISAC’s robust database of threat intelligence, service data, and feedback from its more than 3500 members, from among K-12 schools and districts. Some key findings include:

  • Schools are data-rich and can be resource-poor, making them particularly lucrative targets for cyber threat actors
  • The average school spends less than 8% of its IT budget on cybersecurity, with one in five schools committing less than 1%
  • 29% of K-12 MS-ISAC member organizations reported being victims of a cyber incident

Overall, the MS-ISAC assesses that cyber threat actors are highly likely to target K-12 school districts in the remainder of the 2022-2023 school year. The K-12 sector is improving its cybersecurity capabilities over time, but lags behind other sectors in terms of cybersecurity program maturity. With the release of the report, the MS-ISAC hopes to drive further cyber improvements across the K-12 community, while highlighting no-cost cybersecurity resources available to MS-ISAC member schools and districts.

“This MS-ISAC K-12 Report is intended to arm K-12 leaders with the information to make informed decisions around cyber risk while giving K-12 IT and cyber professionals a healthy understanding of the cyber threat landscape and practical guidance for improving cyber defenses,” said Karen Sorady, MS-ISAC Vice President for Member Engagement.

“One of the most powerful decisions a K-12 school district can make is to become an active member of the MS-ISAC,” said John Wargo, Director of Technology at K-12 Educational Service Agency. “In my 35 years in the K-12 community, I have not found a better way to receive the intelligence and cybersecurity resources to help mount an effective cyber defense—and at little-to-no cost.”

To speak with Karen Sorady, Vice President of Member Engagement at the Multi-State Information Sharing and Analysis Center (MS-ISAC), please contact Kelly Wyland at or call/text 518-256-6978.

About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit or follow us on Twitter: @CISecurity.

SOURCE Center for Internet Security