Cyberattacks are a costly, educationally disruptive, and constantly evolving threat to schools and the confidential personally identifiable information they collect and maintain. According to a recent Government Accountability Office (GAO) report, when a school district is attacked the “…loss of learning following a cyberattack ranged from 3 days to 3 weeks, and recovery time could take anywhere from 2 to 9 months…”.

This year’s “Summary of Education Cybersecurity Policy Developments in 2023” inventories the state and federal education cybersecurity bills and laws that emerged in 2023, and highlights notable policy ideas and trends, with the goal of helping education technology leaders, school administrators, and policymakers identify promising models and strategies. Drawing on these developments—and CoSN’s other cybersecurity technical assistance initiatives—the report also suggests policy and practice ideas for leaders to evaluate and potentially adopt in their own states and communities.

A few key statistics from the report:

  • Legislators in 42 states introduced 307 cybersecurity bills with direct or indirect focus on the education sector compared to 232 similar bills that were introduced in 2022, 170 bills in 2021 and 87 such bills in 2020.
  • Governors signed 75 new cybersecurity laws in 33 states with education implications. This actively represents a significant increase from previous years, when governors signed 37 bills in 2022, 49 in 2021 and ten in 2020. Legislation in 2023 largely sought policy revisions that applied to all state and local government rather than specifically focusing on school districts, covering a variety of cybersecurity policies and strategies.
  • Legislators introduced 22 federal cybersecurity bills, including five bills with an education focus. This figure compares to 22 federal bills introduced in 2022, 19 such bills in 2021 and 10 bills in 2020.

This report is based on research funded by the Bill & Melinda Gates Foundation. The findings and conclusions contained within are those of the authors and do not necessarily reflect positions or policies of the Bill & Melinda Gates Foundation.

Access the complete report here: CoSN Cybersecurity Policy Developments 2023

Access the press release here.

2023 cyber policy cover page