As federal support for K-12 cybersecurity dwindles, a new Consortium for School Networking (CoSN) report reveals state lawmakers are moving to fill the gap, with bipartisan efforts in five states reshaping how K-12 schools prepare for mounting cyber threats.
While cyber threats targeting K-12 schools grow in frequency and sophistication, most school districts are underfunded and underprepared, CoSN said in its latest report. According to CoSN, 61% of school districts don’t have dedicated cybersecurity budgets, and 78% of cyber spending funds monitoring, detection, and response.
To combat this – and recent Trump administration funding cuts – Arkansas, Massachusetts, Oregon, Pennsylvania, and Texas introduced a total of 18 pieces of legislation this year to bolster cyber defenses within school districts.
Seven bills became law, and 61 K-12-focused and broader cybersecurity bills were also introduced across the five states in 2025 that would “indirectly benefit K-12 cybersecurity,” according to CoSN.
“The K-12 focused bills look beyond general government or postsecondary applicability and directly target, in some fashion, school districts, public elementary and secondary schools, education service agencies, or other K-12 institutions,” the report says.
Those bills covered “expanding access to cybersecurity insurance, establishing enhanced training and infrastructure support, improving cyberattack responses, standardizing data practices, and requiring cyber risk assessments within K–12 systems.”
Arkansas and Texas successfully passed legislation, with Arkansas enacting laws requiring school districts to carry cybersecurity insurance, funding a self-funded cyber response program, and mandating policies for the use of artificial intelligence in schools.
Texas created the Texas Cyber Command, a centralized agency tasked with training, prevention, and response, alongside funding for school technology initiatives.
While Pennsylvania didn’t introduce any K-12-specific bills, CoSN pointed to broader proposals for an Office of Information Technology and a Joint Cybersecurity Oversight Committee, noting that measures that don’t directly target schools often bring indirect benefits to districts.
“These developments suggest that states recognize cybersecurity as a systemic issue that spans education, public safety, health, and digital infrastructure,” the report says. “While K-12 systems remain especially vulnerable, they often now sit within a wider legislative push to modernize and secure public sector technology.”
“These states’ common strategies offer actionable ideas for state and district leaders across the country and underscores the importance of system-wide collaboration and strategic leadership,” said Keith Krueger, CEO of CoSN, in a press release.