CoSN Unveils 2025 State Cybersecurity Legislation Report Showcasing State Lawmakers’ Efforts to Safeguard Schools

Annual Report Provides Actionable Recommendations to Help Districts Shift from Reactive to Resilient Amid Escalating Cyber Threats

 

Washington, D.C. (September 3, 2025) – CoSN today released the 2025 State Cybersecurity Legislation Report, highlighting state-level actions to strengthen K-12 cybersecurity amid escalating threats and shrinking federal support. The report details recent legislative activity across five states and provides recommendations on governance, funding, workforce development, incident response and data standards to help state and district leaders across the country secure the future of digital learning.

Cybersecurity threats to K-12 schools are growing in frequency, sophistication and cost, yet many school districts remain under-resourced and underprepared. According to the CoSN 2025 State of EdTech District Leadership report, 61% of school districts rely on general funds rather than dedicated cybersecurity budgets to protect their networks and data.

Recent federal policy shifts, including the elimination of funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC), have weakened national support for school districts. In response, states such as Arkansas, Massachusetts, Oregon, Pennsylvania and Texas are taking action. The 2025 legislative actions reviewed in this report provide ideas for developing and adopting policies that will help school districts and their partners address these challenges.

“While federal support for K-12 cybersecurity is in turmoil, several states are advancing innovative, bipartisan legislation to help safeguard student data, improve incident response, expand insurance access and build the cybersecurity workforce we urgently need,” said Keith Krueger, CEO, CoSN. “These states’ common strategies offer actionable ideas for state and district leaders across the country and underscores the importance of system-wide collaboration and strategic leadership.”

Key Findings

• Eighteen K-12 cybersecurity bills were introduced in 2025 across the five states studied.
• Seven bills became law — all in Arkansas and Texas — focused on insurance access, training and infrastructure support, cyberattack response, data practices, and risk assessments.
• Sixty-one K-12-focused and broader cybersecurity bills were introduced across the five states in 2025 that would indirectly benefit K-12 cybersecurity, covering government systems, postsecondary institutions or crosscutting issues such as insurance, incident response, AI accountability and workforce development.
• Several common policy strategies emerged across the cybersecurity legislation introduced or enacted in the tracked states:
  • Centralized cybersecurity governance and oversight
  • Cybersecurity insurance and risk management
  • Cybersecurity workforce development and education
  • Integration of cybersecurity into K-12 and higher education policy
  • Incident reporting and crisis response readiness
  • AI, privacy and cybersecurity intersection

Policy Recommendations

• Establish or Strengthen Statewide K-12 Cybersecurity Governance: Designate a cybersecurity lead within the state education agency and ensure that school districts are included in state-level cybersecurity planning and governance bodies.
• Fund and Require School District Cybersecurity Risk Assessments: Allocate funding for school districts to conduct risk assessments and develop mitigation strategies.
• Align Workforce Policy with K-12 Needs: Support teacher certification in cybersecurity and create K-12 student pathways aligned with current and emerging workforce demand.
• Mandate Incident Reporting and Create Response Protocols: Require timely reporting of cybersecurity incidents and support districts with coordinated response plans and training exercises.
• Update Procurement and Data Governance Standards: Require that vendors meet minimum cybersecurity standards and align procurement processes with national frameworks.

By adopting well-designed strategies — centralized oversight, insurance requirements, workforce investment, integrated planning and responsible innovation oversight — states can help their school districts move from reactive to resilient. Cross-sector collaboration and sustained investment will be critical to protecting students, educators and the integrity of public education systems.

To read the full 2025 State Cybersecurity Legislation Report, visit: https://www.cosn.org/tools-and-resources/resource/2025-state-cybersecurity-legislation-report/

For further information on CoSN’s cybersecurity initiatives, visit: cosn.org/edtech-topics/cybersecurity/.

About CoSN
CoSN, the world-class professional association for K-12 EdTech leaders, stands at the forefront of education innovation. We are driven by a mission to equip current and aspiring K-12 education technology leaders, their teams, and school districts with the community, knowledge, and professional development they need to cultivate engaging learning environments. Our vision is rooted in a future where every learner reaches their unique potential, guided by our community. CoSN represents over 13 million students and continues to grow as a powerful and influential voice in K-12 education. cosn.org