Protecting Schools Virtually

Photo by AntonioSolano/Getty Images

As schools increasingly integrate technology into their operations, the landscape of safety and security has evolved dramatically.⁠^[1] To simultaneously prepare students to enter a technologically advanced world and help meet the expectations of parents and students who are used to regular online access and connection, nearly all schools now provide at least those students in need (if not all students) with devices for schoolwork.⁠^[2] Educators also rely on courseware and online resources to support instruction, as well as for everyday administrative tasks, such as scheduling, grading, and testing.

This infusion of technology means that schools must increasingly manage cyber risks as infiltration, ransomware, or denial-of-service attacks on their systems disrupt their ability to fulfill their instructional mission.⁠^[3]

The Growing Impact of Cybersecurity Threats

Cybersecurity incidents are more prevalent in today's schools than many might expect.⁠^[4] According to an October 2024 RAND American School Leader Panel survey of a nationally representative sample of K–12 school principals,⁠^[5] 60 percent reported that their schools experienced at least one cybersecurity incident during the 2023–2024 and 2024–2025 school years (see Figure 1). The most common issues involved email compromises, scams, and phishing attempts, with 45 percent of schools reporting compromised business emails and 19 percent reporting compromised student emails.

Other types of cyber incidents, such as data breaches (14 percent) and ransomware attacks (10 percent), were less common but still notable. Ransomware can be particularly disruptive to educational operations: for example, when attackers demand that schools pay them to regain access to critical data.⁠^[6] Principals reported that other types of incidents, such as website or social media defacement (3 percent), invasion of online classes or meetings (2 percent), and denial-of-service attacks (1 percent), were rarer.

• At least one cybersecurity threat = 60%
• Business email compromise scams or phishing attempts = 45%
• Student email compromise scams or phishing attempts = 19%
• Data breaches = 14%
• Ransomware attacks = 10%
• Website and/or social media defacement = 3%
• Invasion of online classes or school meetings = 2%
• Denial-of-service attacks = 1%

NOTE: This figure depicts response data from the following survey question administered to school principals using the RAND American School Leader Panel in October 2024: "At any point over the last school year (2023–2024) and/or in this school year (2024–2025), has your school experienced any of the following cyber incidents?" (n = 957). Respondents were instructed to select all that applied.

These data underscore the need for schools to do more when it comes to prioritizing cybersecurity measures and training. Although email-related incidents, such as phishing scams, dominate the landscape and the news, the increasing complexity and frequency of a diverse array of cyber threats suggest that schools must be prepared to address a broader variety of vulnerabilities.⁠^[7]

Cyber Tools and Broader School Safety Concerns

Because students are online for a great deal of their time at and outside school—a significant portion of which is likely spent on school-owned devices—monitoring school-owned devices is part of many schools' efforts to detect and prevent school violence. These detection tools use keyword and other types of searches to generate automated alerts when the software indicates that students are using the devices inappropriately or searching for or saying things that suggest a potential risk of violence.⁠^[8] School staff are then responsible for reviewing each alert and resolving any issues that arise. Although it is plausible that such technology has helped prevent incidents of school violence, the use of these tools also raises concerns about the potential for students to be wrongly identified as threats based on innocuous or inquisitive online behavior.⁠^[9]

We asked principals whether their school used technology to monitor students' activities by scanning documents, web searches, or social media activity on school district–owned devices or devices connected to their district's server. Just over two-thirds of principals (64 percent) indicated that their schools used such technology (see Figure 2). The results of our survey show that such monitoring is especially common in middle schools: 73 percent of middle school principals who responded to the survey indicated that their school was using such technology, compared with 62 percent of elementary school principals and 62 percent of high school principals. Suburban and rural schools were more likely than their urban counterparts to use such technology, perhaps because of their smaller sizes; research suggests that the number of alerts related to flagged content can be a burden on school staff, potentially requiring designated administrators or safety staff to assess thousands of alerts daily.⁠^[10]

Total percentage of schools = 64%

By school grade level

• Elementary = 62%
• Middle = 73%
• High = 62%

By school grade locale

• Urban = 57%
• Suburban = 69%
• Rural = 65%

NOTE: This figure depicts response data from the following survey question administered to school principals using the RAND American School Leader Panel in October 2024: "Does your school use technology monitoring services as part of broader school safety efforts to identify potential safety-related concerns or threats by scanning documents, searches, or social media activity on school district-owned devices or devices connected to your district's server?" (n = 965). An asterisk (*) indicates that the percentage of secondary (middle or high school) principals or principals in suburban and rural areas who indicated that their schools use technology monitoring services is statistically significantly different from the percentage of elementary and urban principals, respectively, who responded similarly.

When we asked principals what, if any, impact such monitoring technology has on school safety, responses were split. Slightly more than half of principals (52 percent) indicated that the technology "helps make our school safer by identifying potential threats early," and 39 percent indicated that it "only makes our school safer when it is used in conjunction with other school safety strategies, such as threat reporting and assessment." Fewer than 2 percent of principals indicated such technology has no impact on school safety, and even fewer principals (about 0.5 percent) indicated that it "makes our school less safe because it introduces biases into school safety efforts."

The Need for a Continued Focus on Virtual School Safety

Although technology offers powerful tools to improve school safety, it also creates new avenues for harm. Technology is a core part of most K–12 schools' operations and a key element in the successful pursuit of their educational mission. Given the role that technology plays in students' lives, navigating how to identify and interpret the information that students seek or share online should be part of a comprehensive approach to identifying and assessing threats and intervening effectively. Such an approach essentially lies at the intersection between virtual and physical school safety. To better protect school communities and school operations, a multifaceted approach could focus on

• enhanced cybersecurity measures to prevent email compromises, data breaches, and other incidents
• proactive education and training for staff, students, and administrators to recognize such cybersecurity threats as phishing, given the prominence of email compromise incidents reported by our survey respondents
• a better understanding of how monitoring technologies on school devices and networks can contribute to school safety, including by managing the labor requirements for staff to respond to tool-generated alerts.⁠^[11]

The intersection of technology and school safety is both a promising and a precarious space. As schools continue to adopt new technologies, staff must remain vigilant about the unintended consequences these tools can introduce. From cybersecurity incidents to incidents fueled by the spread of new technologies (including artificial intelligence), the challenges are significant—but not insurmountable.⁠^[12] With the right policies, training, and resources, schools can navigate this evolving landscape and create safer environments for students and staff alike.

Acknowledgments

We are extremely grateful to the educators who have agreed to participate in the panels. Their time and willingness to share their experiences are invaluable for this effort and for helping us understand how to better support their hard work in schools. We thank Lisa Wagner and Brian Kim for assisting with survey management; Gerald P. Hunter and Ruolin Lu for data management; and Tim R. Colvin, Roberto Guevara, and Julie Newell for programming the survey. Thanks also go to Claude Messan Setodji and Dorothy Seaman for producing the sampling and weighting for these analyses. We greatly appreciate the administrative support provided by Tina Petrossian and AEP management provided by David Grant. We also thank Meagan E. Cahill and Aaron C. Davenport for their review and feedback, which helped improve our work. Finally, we are grateful for Cindy Lyons' efforts in overseeing the publication of this report.

Notes

1. Chris Hayhurst, "How K–12 Schools Are Making Technology Work for Educators," EdTech Magazine, October 16, 2024, https://edtechmagazine.com/k12/article/2024/10/how-k-12-schools-are-making-technology-work-educators. Return to content ⤴
2. Adam Stone, "3 Technologies to Facilitate Parent-Teacher Communication," EdTech Magazine, August 20, 2024, https://edtechmagazine.com/k12/article/2024/08/3-technologies-facilitate-parent-teacher-communication. Return to content ⤴
3. U.S. Department of Education, "Data Security: K–12 and Higher Education," webpage, undated, https://studentprivacy.ed.gov/data-security-k-12-and-higher-education; Cybersecurity and Infrastructure Security Agency, "Cybersecurity for K–12 Education," webpage, undated, https://www.cisa.gov/topics/cybersecurity-best-practices/K12cybersecurity. Return to content ⤴
4. U.S. Department of Education, "K–12 Cybersecurity," webpage, undated, https://www.ed.gov/teaching-and-administration/safe-learning-environments/school-safety-and-security/k-12-cybersecurity. Return to content ⤴
5. The American School Leader Panel is part of the RAND American Educator Panels (AEP), which are nationally representative samples of teachers, school leaders, and district leaders across the country. The AEP are a proud member of the American Association for Public Opinion Research's Transparency Initiative. Return to content ⤴
6. Briana Mendez-Padilla, "Ransomware Attacks in Education Jump 23% Year over Year," Higher Ed Dive, July 25, 2025, https://www.highereddive.com/news/ransomware-attacks-education-jump-23-percent-h1-2025/754011/. Return to content ⤴
7. Erin Brereton, "The Growing Quishing Security Threat," EdTech Magazine, May 1, 2025, https://edtechmagazine.com/k12/article/2025/05/growing-quishing-security-threat. Return to content ⤴
8. Mark Keierleber, "Exclusive Data: An Inside Look at the Spy Tech That Followed Kids Home for Remote Learning—and Now Won't Leave," The 74, September 14, 2021, https://www.the74million.org/article/gaggle-spy-tech-minneapolis-students-remote-learning/. Return to content ⤴
9. Orko Manna, "After Plot Against Memorial HS in Houston, School Safety Experts Break Down Tools Available to Thwart Attacks," KHOU 11 News, February 20, 2025, https://www.khou.com/article/news/memorial-high-school-houston-plot-prevent/285-3e5fe1ea-8278-4c85-85e1-5c20d323da78; "AI Technologies Used by Schools to Monitor Kids for Safety Are Found to Mostly Fail at Keeping Kids Safe," Milwaukee Independent, May 18, 2025, https://www.milwaukeeindependent.com/newswire/ai-technologies-used-schools-monitor-kids-safety-found-mostly-fail-keeping-kids-safe/. Return to content ⤴
10. Pauline Moore, Jennifer T. Leschitz, Brian A. Jackson, Catherine H. Augustine, Andrea Phillips, and Elizabeth D. Steiner, Supporting Threat Reporting to Strengthen School Safety: Findings from the Literature and Interviews with Stakeholders Across the K–12 School Community, Homeland Security Operational Analysis Center operated by the RAND Corporation, RR-A1077-3, 2022, https://www.rand.org/pubs/research_reports/RRA1077-3.html. Return to content ⤴
11. SchoolSafety.gov, "Cybersecurity," webpage, undated, https://www.schoolsafety.gov/cybersecurity; SchoolSafety.gov, "Cybersecurity Action Steps," undated, https://www.schoolsafety.gov/sites/default/files/2023-04/Cybersecurity%20Action%20Steps.pdf; SchoolSafety.gov, "Cybersecurity Resources," undated, https://www.schoolsafety.gov/sites/default/files/2024-02/SchoolSafety.gov%20Cybersecurity%20Resources_508-C.pdf. Return to content ⤴
12. Brian A. Jackson, Melissa Kay Diliberti, and Pauline Moore, Artificially Intelligent Bullies: Dealing with Deepfakes in K–12 Schools, RAND Corporation, RR-A3930-5, 2025, https://www.rand.org/pubs/research_reports/RRA3930-5.html. Return to content ⤴

Topics

• Cybersecurity
• Educational Technology
• Elementary Education
• School Safety
• Secondary Education
• Students