K-12 Cybersecurity Insider | 6/30/2025 edition

Written By Doug Levin

A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.

Mark Your Calendar

In the News

BEC Fraud Claims Another K-12 Victim

Business email compromise (BEC) scams routinely target school system business office staff and/or their vendors to attempt to redirect authorized payments to accounts controlled by criminals. The latest victim: Sabine Parish School Board (LA), which inadvertently directed $251,972 to a fraudulent account instead of the intended vendor. The best way to defend against such attacks are strict financial controls, including verifying the legitimacy of any requested account changes.

Undetected Compromise of School District Network Months Earlier Leads to Ransomware

On April 7, 2025, Fall River Public Schools - a MA school district serving more than 10,000 students - experienced a cybersecurity incident that temporarily disrupted access to the district’s technology systems. In a publicly-released summary report about the incident, it was disclosed that the first indicators of unauthorized activity appeared in server logs in late January 2025.

Cyber Risk Insurance Prices Decreasing

Despite increased cross-sector cyber incident claims frequency across 2024, the average insurance payout dropped by 77 percent. This paradox — rising claims but declining payments — helped to maintain the soft market for cyber insurance providers. On average, buyers achieved a 7 percent premium decrease in Q1 2025, primarily driven by ample capacity, the introduction of new capacity, and incumbent insurers being aggressive with renewal terms to maintain their incumbent renewals.

Fast Facts

  • 40: U.S. K-12 ransomware victims claimed by threat actors (2025 to date) (source)

  • 68: Severe information technology vulnerabilities (CVSS Base Score 7.0+) disclosed in past week (source)

  • $500,000: Avg data breach cost savings for organizations with incident response teams and formal response plans (source)

Members Get More

The K12 Security Information eXchange (K12 SIX) operates as the information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.

Doug Levin
Next

Cybersecurity in the Classroom: Protecting K-12 Schools from Cybercrime