Annual Report Offers Detailed Analysis of State and Federal Policies and Trends Shaping K-12 Cybersecurity

 

Washington, D.C. (January 30, 2025) –  CoSN today released the State and Federal Cybersecurity Policy and Education in 2024 Report examining the key trends, strategic approaches and practical implications of 2024’s cybersecurity legislation for educational institutions. By highlighting both enacted laws and notable proposed legislation, the report provides education leaders and policymakers with actionable insights for strengthening cybersecurity governance, protection and education in their own communities and schools. The report was funded by the Gates Foundation.

The state and federal education cybersecurity policy landscape continued to evolve rapidly in 2024 as policymakers, especially state leaders, worked to better protect the education sector from serious digital threats. Analysis of 2024 state legislation reveals significant attention to K-12 cybersecurity — reflecting a growing recognition of schools’ unique cybersecurity challenges, from protecting sensitive student data to securing increasingly technology-dependent learning environments. While some bills focused on traditional concerns like infrastructure security and incident reporting, others addressed emerging needs such as professional development for technology leaders and cybersecurity curriculum for students.

“Protecting school networks from ransomware and other cyberattacks remains a top priority for school district technology leaders. CoSN is proud to release this comprehensive report on 2024 cybersecurity policy developments at the state and federal levels,” said Keith Krueger, CEO, CoSN. “By providing this vital analysis, we aim to empower local, state and federal leaders to strengthen their collaboration and bolster defenses against the persistent threats targeting school networks and the sensitive student and staff data they safeguard.”

The report, “State and Federal Cybersecurity Policy and Education in 2024,” highlights:

  • In 2024, state legislators introduced 258 bills addressing various aspects of cybersecurity across 42 states, with 29 measures becoming law. While this volume represents a modest decline from 307 bills and 75 enacted laws in 2023, the decrease likely reflects the substantial policy foundation established in previous legislative sessions rather than diminished policymaker interest.
  • K-12 schools and postsecondary institutions received particular attention in state legislatures, with 28 bills in 16 states focusing directly on K-12 cybersecurity and 19 bills in 10 states addressing postsecondary cybersecurity.

Many general government cybersecurity bills in 2024 have significant implications for schools and postsecondary institutions as units of state and local government. Notable trends in this broader legislation include:

  • Creation of new cybersecurity task forces and offices with education representation
  • Development of comprehensive incident reporting frameworks
  • Establishment of grant programs accessible to educational institutions
  • Specific measures to combat ransomware threats
  • Integration of artificial intelligence and cybersecurity considerations

“School districts of all sizes and locations face significant cyber threats and addressing them demands effective partnerships and coordination. We hope this important new CoSN report equips school leaders and policymakers with insights into how other jurisdictions are tackling these challenges and fosters meaningful action in 2025 to better safeguard the privacy of student and teacher data,” said Reg Leichty, Founding Partner, Foresight Law + Policy.

Several states emerged as particularly active in considering a wide range of cybersecurity proposals, with Massachusetts (27 bills), Minnesota (25 bills), New York (23 bills), New Jersey (20 bills), California (14 bills) and Iowa (14 bills) leading in the number of introduced bills. These bills, and the many others considered across the nation, may provide cybersecurity policy models for other states and communities to consider in 2025.

The full State and Federal Cybersecurity Policy and Education in 2024 Report is available here. For further information on CoSN’s cybersecurity initiatives, visit: cosn.org/edtech-topics/cybersecurity/.

About CoSN
CoSN, the world-class professional association for K-12 EdTech leaders, stands at the forefront of education innovation. We are driven by a mission to equip current and aspiring K-12 education technology leaders, their teams, and school districts with the community, knowledge, and professional development they need to cultivate engaging learning environments. Our vision is rooted in a future where every learner reaches their unique potential, guided by our community. CoSN represents over 13 million students and continues to grow as a powerful and influential voice in K-12 education. cosn.org

MEDIA CONTACT:
Makenzie Carlin, mcarlin@fratelli.com