2025 Cybersecurity Predictions for K-20 Education — Campus Technology
2025 Cybersecurity Predictions for K-20 Education
What should K-12 and higher education institutions expect on the cybersecurity front in the coming year? Here’s what the experts told us.
In an open call last month, we asked education and industry leaders for their predictions on the cybersecurity landscape for schools, districts, colleges, and universities in 2025. Here’s what they told us.
Institutions will need to maintain strong security fundamentals in the face of growing cyber attacks.
“Education institutions face the unique challenge of needing to modernize their networks, while also improving user and employee experience and following compliance requirements. This will remain true in 2025, but these institutions must tackle these problems against the backdrop of persistent cyber attacks, as well as curious and capable students. Between 2023 and 2024, we saw a 35% increase in attacks on the education sector, and as ransomware groups continue to target the sector with more sophisticated attacks — by leveraging tools like generative artificial intelligence — the potential impacts could be devastating. Institutions have no choice but to stay prepared and prioritize improving their security posture.
“Institutions should focus on maintaining strong IT security fundamentals and implementing zero trust architecture — especially for research projects with federal funding ramifications. These strategies minimize the attack surface, prevent breaches, eliminate lateral movement, and stop data loss. Proactively addressing these evolving threats will enable institutions to remain more resilient against a growing threat landscape in the coming year.”
— Hansang Bae, public sector chief technology officer, Zscaler
Budget cuts and decreased funding will come with increased risk.
“One of the cyber trends we’ve witnessed in the past few years is that of the increased data breaches affecting education entities. Community and university school systems alike have gotten caught in the crosshairs of cyber attacks because of how interconnected their third-party digital infrastructures are. While educational institutions may not have been the original target, these opportunistic incidents have shown threat actors the sensitive and privacy information that they hold — critical repositories of sensitive research records, student and faculty privacy information, financial and endowment data, and critical operational resources.
“There are growing concerns that we could see more cyber activities in this sector in the coming year as threat actors focus their sights on state, local, and education (SLED) organizations, exploiting vulnerable legacy technologies and compromising sensitive data. It’s not lost on me that we’re likely to see budgetary cuts and decreased funding across SLED and recognize that it can have an impact on bolstering IT and cyber initiatives now and into the future. My hope is that even without financial incentive, 2025 will see educational institutions place greater emphasis on enhancing cyber hygiene and implement proactive data security solutions across their siloed IT systems to safeguard the sensitive data they collect.”
— Ravi Srinivasan, CEO, Votiro
“Higher education is grappling with enrollment challenges, declining state funding, deferred maintenance of aging infrastructure, and the rising cost of student services. As budgets tighten, institutions must be more strategic in their tech investments, prioritizing initiatives that offer the most immediate value for student retention, engagement, and operational efficiency. Technologies that enhance cybersecurity and privacy will take precedence, followed by AI tools that improve teaching and learning outcomes. Institutions will need to be more intentional about aligning investments with long-term goals, ensuring every dollar spent on technology directly contributes to their educational mission.
