Cybersecurity Incidents in U.S. Schools: A Rising Concern Amidst Growing Risks

Rising Cybersecurity Incidents in U.S. Schools

In a startling revelation, a recent report by Clever highlights that over 52% of U.S. school districts encountered cybersecurity incidents in 2025, marking a significant increase from previous years. This alarming statistic underscores a critical trend—cybersecurity threats have become a persistent challenge for educational institutions across the nation.

Clever, known for its identity management systems utilized by more than 77% of K-12 schools, published its Cybersecure 2026 Report based on feedback from nearly 500 administrators and technology professionals. The findings indicate that today's educational environments are struggling to keep up with the adversarial nature of cyber threats, leading to disrupted classes, locked apps, and compromised student data.

Shared Risks Across the K-12 Ecosystem

The report observes a worrying trend of increasing vendor-related incidents, escalating from 4% in 2023 to a staggering 32% in 2025. This surge can be attributed to the concentration of data and workflows within prominent platforms. Consequently, a single vendor breach can send ripples across numerous districts, amplifying the impact to families and students alike.

Eric Hileman, Executive Director of IT Services at Oklahoma City Public Schools, reflected on this new reality, stating, “There’s a growing acceptance in K-12 that cybersecurity incidents are, unfortunately, part of the landscape now.” Unlike in other sectors, when incidents occur in education, districts often come together to support one another, showcasing a culture of collaboration even in the face of adversity.

Student Identity Theft: A Major Concern

A particularly troubling aspect of the report reveals that 54% of U.S. districts now rank student identity theft or long-term harm as their foremost concern. Despite this apprehension, only 21% of them feel adequately equipped to tackle these threats. Alarmingly, Multi-Factor Authentication (MFA) adoption remains low, at just 13% across various grade levels. This gap highlights a looming risk—kindergarteners whose data may be compromised today may face severe consequences years down the line when applying for jobs or student loans.

The majority of districts (over 58%) have turned to new technologies to comply with insurance requirements, yet nearly 40% of these administrators express doubts regarding the effectiveness of these measures in safeguarding students. Clearly, the intersection of cybersecurity insurance and operational safety remains a convoluted issue that many school districts grapple with.

Rising AI Risks and Resource Constraints

An additional point of concern emerges from the report's findings regarding Artificial Intelligence. Four out of five districts believe that the integration of AI technologies ramps up their cybersecurity risk; however, only 11% have formal processes in place to evaluate the use of AI in educational tools. This disconnect creates a precarious situation where students unwittingly provide personal data while using these potent tools, often without adequate protections in place.

Moreover, resource limitations are increasingly recognized as the principal barrier to improving cybersecurity measures. While leadership support isn't viewed as a major obstacle, staffing and budget constraints continue to hinder efforts to adopt and sustain effective security practices.

Planning for the Inevitable

Trish Sparks, CEO of Clever, summed up the new approach many districts are taking: “Schools are no longer planning for theoretical cybersecurity incidents; they are planning for attacks that they know will happen.” This pragmatism is necessitated by the complex nature of modern cybersecurity threats and the pressing need to prioritize the privacy of student data.

The full Cybersecure 2026 Report offers deeper insights into how districts tackle identity security, navigate the mandates of cyber insurance, and respond to emerging threats in the AI age. Education stakeholders must confront these challenges head-on to ensure the safety and security of their students in an increasingly interconnected digital landscape.

For further elaboration on this pressing issue and to explore how districts are handling these evolving threats, the full report can be accessed here.

About Clever

Clever's mission is to connect every student to a world of learning. With its layered security solutions, the platform protects access and identities for educational staff, teachers, and students. As a Kahoot! company headquartered in San Francisco, CA, Clever continues to bolster secure digital learning across the nation.