New report highlights five states stepping up K-12 cyber

Sixty-one pieces of cybersecurity legislation were introduced in five key states this year, each of which would benefit K-12 school districts that are receiving diminished federal support. The tally is one of several findings included in a report published Wednesday by the nonprofit Consortium for School Networking.

The group’s 2025 State Cybersecurity Legislation Report focuses on cybersecurity bills in Arkansas, Massachusetts, Oregon, Pennsylvania and Texas, including those that specifically target K-12 school districts and broader cyber legislation that would also benefit schools. The group said the increased activity by states is particularly important in light of recent cuts to resources like the Multi-State Information Sharing and Analysis Center.

“While federal support for K-12 cybersecurity is in turmoil, several states are advancing innovative, bipartisan legislation to help safeguard student data, improve incident response, expand insurance access and build the cybersecurity workforce we urgently need,” Keith Krueger, the consortium’s chief executive, said in a press release. “These states’ common strategies offer actionable ideas for state and district leaders across the country and underscore the importance of system-wide collaboration and strategic leadership.”

Common strategies identified by the report include centralizing cybersecurity governance, finding ways to increase the number of cybersecurity professionals working in the state and finding overlap between cyber, artificial intelligence and privacy.

The report concludes by recommending that states establish cybersecurity leads in their education agencies, require school districts to conduct risk assessments and report cybersecurity incidents, and require that vendors meet cyber standards aligned with federal frameworks.