Report Finds Increase in Cyber Education Laws


Policymakers are showcasing an increased interest in better understanding how cybersecurity threats affect schools across the United States, according to a new report from the Consortium for School Networking (CoSN).

The report – titled 2023 Education Cybersecurity Policy Developments and released on Jan. 18 – inventories state and Federal education legislation that came out during 2023. The report found a 250 percent increase in the amount of cybersecurity education bills introduced since 2020. Additionally, the report found that the number of new laws adopted by states increased by 620 percent.

“Policymakers increasingly understand that K-12 education is under siege from cyber threats. School systems hold a vast amount of sensitive information about students and staff that cybercriminals can exploit, and it is imperative for both states and the federal government to enhance their efforts to secure educational networks and data,” said Keith R. Krueger, CEO of CoSN.

Furthermore, the report found that lawmakers in 42 states showcased 307 pieces of cybersecurity legislation indirectly or directly focused on the education sector in 2023 – in comparison to 232 similar bills that were introduced in 2022, 170 bills in 2021, and 87 such bills in 2020.

CoSN also found that in terms of successfully signed legislation in 2023, state governors signed 75 new pieces of legislation with an education focus. The report said this showcases a significant increase from past years, when governors signed 37 bills in 2022, 49 in 2021, and 10 in 2020. Moreover, the report also found that legislation from 2023 sought policy changes that appeal to state and local governments rather than just focusing on school districts.

At the Federal level, the report found that legislators only introduced five cybersecurity bills with an education focus.

The report also emphasizes some policy developments with high significance in 2023, including:

  • Cyber Risk Insurance Funds: States have undertaken the creation of cyber risk insurance funds aimed at mitigating the escalating insurance costs faced by school districts;
  • Regional Alliances and Partnerships: Efforts to establish and reinforce regional alliances and multistakeholder partnerships to foster information sharing and collaborative responses to cyberattacks are gaining momentum;
  • Cybersecurity Workforce Expansion: Initiatives such as scholarship programs have been launched to address the shortage of adequately trained cybersecurity experts;
  • Governance Enhancement: Governance structures are being improved to consolidate responsibility and establish robust prevention and response mechanisms across agencies; and
  • Cybersecurity Task Forces: The establishment of task forces and similar structures is being pursued to comprehensively study the cybersecurity landscape, including exploring the intersection of artificial intelligence and cybersecurity.