Every day, we hear about some new digital innovation that can change the world; education technology (EdTech) is a great example. From artificial intelligence (AI)-driven tutors to immersive virtual reality (VR) classrooms, EdTech is reshaping how we learn. But data breaches, system failures, and slowdowns can disrupt everything these tools are meant to improve. The real challenge isn’t using the tech—it’s securing it against risks that compromise systems and affect people.
EdTech’s Growing Role and Risks
EdTech blends educational theory with software innovation to enhance teaching via immersive digital experiences, online lectures, collaborative tools such as Google Workspace, and accessibility solutions for diverse learning needs. Market research from Arizton projects the global EdTech market will reach $738 billion by 2029. New cloud-based learning management systems (LMSs) emerge almost yearly to support coursework, while student information systems (SISs) continue to evolve. But as with any technology, network and application performance issues can disrupt learning and strain IT teams.
A brief search on StatusGator, which monitors outages by aggregating real-time data from official service status pages, shows significant EdTech disruptions in January 2025 alone (see figure). These issues ranged from login failures to systemwide crashes, leaving schools without critical resources.
In more dire cases, outages may even prevent people from receiving emergency notifications during a lockdown, as was speculated when a CrowdStrike software update caused hundreds of IT failures in U.S. schools.
In fact, cyberthreats are a major concern for districts. Between 2016 and 2022, K-12 schools nationwide experienced 1,619 cyber incidents. Student data is a hot commodity for hackers and cybermarkets. The Cyber Defense Agency estimates that students are targeted by cyberattacks multiple times every day. Advocates and lawmakers are intensifying efforts to strengthen protections. It’s a work in progress.
The PowerSchool Breach Is a Wake-up Call for Digital Learning
Federal laws such as the Family Educational Rights and Privacy Act (FERPA) set privacy standards but don't require breach notifications; instead, state laws and contracts govern whether schools or EdTech providers must disclose breaches or outages.
In December 2024, PowerSchool, a leading SIS platform used by districts across North America, suffered a major data breach. A hacker reportedly gained full access to student and staff records through PowerSchool’s PowerSource customer support portal by exploiting a compromised credential on an account with insufficient protection. The breach may have exposed sensitive information on tens of millions of American students and educators, including names, addresses, Social Security numbers, medical records, and academic performance.
“For a sector so integral to the American way of life, it is unconscionable that neither K-12 schools nor their vendors are held to a cybersecurity standard of practice,” said Doug Levin, co-founder and national director of the K12 Security Information Exchange.
Without real-time threat detection, performance monitoring, and other protections, these attacks often go unnoticed until it’s too late, causing short- and long-term consequences for those affected.
Why Schools Are a Top Target for Cyberattacks
Cybercriminals see schools as easy to exploit, especially when aging infrastructure struggles to support the demands of modern education technology and lack of budget dollars leaves education departments vulnerable to sophisticated threats. Reports accessible through the Internet Crime Complaint Center (IC3) show ransomware attacks, phishing scams, and data breaches are rising. School records contain valuable information that can be exploited for years, putting students, teachers, and families at constant risk. For example, unlike adults, students typically don’t monitor their credit or financial history, making them vulnerable to identity theft that may go undetected until they apply for a loan or a job.
To keep track of reported cyberattacks on U.S. schools, education news outlet The 74 has created an interactive tool that allows filtering by state and district: K-12 Cyberattacks in Focus. This resource is maintained by The 74, and its data reflects the outlet’s reporting.
Some public schools often lack the budget and personnel to properly secure their networks. Others may struggle to find and retain a dedicated chief information security officer (CISO) due to limited salaries, leaving already-thin IT teams to manage both security and system performance. As in businesses, school IT environments rely on a complex network of systems and vendors, including virtual productivity tools, video, telecommunications, and cloud platforms. So issues can be hiding anywhere.
Security gaps, maintenance upgrades, technology migrations, misconfigurations, resources, and vendor outages can easily disrupt learning environments or expose sensitive data. Without proactive monitoring and real-time network observability into performance and security threats, schools are left reacting to crises instead of preventing them.
Comprehensive Risk Management for Schools
NETSCOUT provides high-quality, packet-based insights, alerts, and reporting to improve operational resilience across digital learning environments. Our nGenius solutions provide optimal performance across networks and services to prevent disruptions and maintain effective IT ecosystems. The NETSCOUT Omnis CyberStream and Omnis Cyber Intelligence platform strengthens the overall security posture, helping schools identify and stop evolving cybersecurity threats. Together, these solutions form a powerful one-two punch against risks.
Learn more about how NETSCOUT enhances performance and security in educational institutions, and connect with our experts to improve digital learning while protecting students, educators, and data.