The last couple of years have made one thing clear: small oversights can spiral fast. All it takes is one wrong click on a phishing link or one unpatched vulnerability, and suddenly you’re handing over credentials, downloading malware, or watching ransomware spread across your network.
Schools are one of the primary targets of cybercriminals, and Action1’s Cybersecurity in Education Report 2025-2026 confirms that fact, outlining how cyber incidents have become the norm in educational institutions worldwide.
That’s largely because schools remain unprepared for the sophisticated, AI-powered threats that have emerged in recent years. Action1’s report surveyed over 350 school IT leaders worldwide, and the findings paint a troubling picture, where despite rising budgets and growing awareness, the education sector is stuck in a cycle where good intentions keep running into structural roadblocks.
The unpleasant truth is that today the gap between awareness and action has never been clearer.
Visit for Full Report:
School IT Leaders Are Finally Getting Realistic About Their Security
Two-thirds of school IT leaders acknowledge the reality and rate their cybersecurity as “moderate” at best. That might sound pessimistic, but in reality it’s actually progress, because last year, 30% of them felt confident about their security posture. But were they really? This year, that number dropped to 18%.
Don’t get it wrong—it’s not that schools have lost ground. It’s exactly the opposite: they just became more realistic, and that is a step forward in the right direction. We all know that growth starts with honesty. First you admit your weaknesses, then you start turning them into strengths.
In 2025-2026, dealing with AI-powered phishing campaigns and ransomware attacks is harder than ever, and school IT leaders know it better than anyone. They’re looking at their patched-together systems and aging infrastructure and have no other choice than admitting what many probably suspected all along: they’re not ready for what’s coming.
And what’s coming is already here. A staggering 89% of surveyed schools experienced at least one cyber incident in the past year. As you can imagine, phishing attacks topped the list, followed by unauthorized access and malware. The consequences weren’t minor—tons of personal information got exposed, in some cases learning got disrupted, and the worst part is that reputations took hits that can hardly be erased.
Cyber incidents aren’t occasional disruptions anymore. They’re a daily reality for school IT leaders, and unfortunately, things don’t seem to be changing anytime soon.
Visit for Full Report:
Rising Budgets Can’t Solve the Staffing Crisis
We see a continued trend of schools spending more on cybersecurity, which should translate into better protection, but the report suggests otherwise. In reality, nearly 40% of school IT leaders admit they are unprepared for today’s ransomware attacks. The reason behind this is that money alone doesn’t solve the problem. The real issue is staffing, or particularly the lack of it.
About 74% of schools surveyed say they don’t have a dedicated cybersecurity specialist, and that’s mind-blowing. If we think about that for a second, three out of four schools are trying to protect their endpoints with IT generalists who are already overwhelmed with hardware repairs, software updates, helpdesk tickets, etc. That’s simply impossible.
They must have in place cybersecurity specialists who know what they’re doing, which systems can protect them best, and most importantly, how to manage them in order to keep hackers away.
Even when schools do hire the right security-focused staff, they often face extreme workloads. So yes, budget limitations continue to be the primary obstacle to enhancing cybersecurity, with outdated infrastructure, staff shortages, and low user awareness following closely behind.
All these conditions set the stage for a potential disaster that could have far more severe consequences than anticipated. The truth is that these aren’t technical problems you can solve immediately. They’re structural ones that require institutional change. But that’s a slow, messy, and expensive process.
The Gap Between Knowing and Doing Keeps Growing
Let’s not lump everyone together, because some schools are doing better than others. In fact, many educational institutions are conducting regular vulnerability assessments, educating staff and students, and putting stronger protections in place, which is encouraging and should be praised.
But the thing is that other critical practices are lagging badly. Take phishing simulations, where nearly one-third of schools only run them once a year, or even worse, skip them entirely.
Now that’s a huge problem, especially when 92% of IT leaders expect AI-powered phishing to be the most dangerous threat in the coming years. To successfully battle these threats, you have to embrace regular training sessions for identifying phishing attacks and explain the benefits and effectiveness of using spam filters and anti-phishing tools. These will help minimize the risk significantly.
On the other hand, ransomware attacks have quadrupled in the past decade, and they typically overtake endpoints by exploiting known or zero-day software vulnerabilities. Thankfully, there is a way to significantly reduce the risk of falling victim to these attacks by leveraging patch management platforms like Action1 to remediate software flaws at scale in a timely manner. Implementing EDR, XDR, or MDR solutions also helps detect and block ransomware early in the attack chain before it can cause serious damage.
However, as we mentioned earlier, schools are most frequently lacking staff to manage these systems correctly, so the risk remains higher than expected, and that is one of the main problems. This suggests that school IT leaders know what they should be doing, but they just can’t do it consistently with the resources they have. And while internal gaps are holding schools back, the external pressure is mounting fast.
“Education systems remain a top target for cybercriminals, and while school leaders are becoming more clear-eyed about the risks, many are still stretched thin,” said Mike Walters, President and Co-founder of Action1. “This year’s report shows real progress in how schools approach cybersecurity, but persistent structural limitations, including staffing shortages and outdated infrastructure, continue to leave learning environments vulnerable.”
Schools Know AI Attacks Are Coming—Most Can’t Stop Them
Without a doubt, ransomware has dominated education cybersecurity conversations for many years, and it’s definitely still a major threat. Half of school IT leaders view it as a serious risk, but it’s no longer the top concern.
AI-powered phishing has taken that spot, with nearly every school IT leader surveyed believing that artificial intelligence-driven social engineering will be the most dangerous threat they face. And it makes sense if you think about it, because most phishing attacks once contained obvious fraud signs like grammar mistakes in the emails, alerting users that something’s wrong. But things have changed, AI has now improved these attacks to the point where they look 100% authentic, increasing their success rates immensely.
Hackers can now craft personalized messages, mimic specific writing styles, and eliminate obvious red flags entirely. For them it’s easier than ever to research targets on social media, reference recent school events, and create convincing pretexts that even trained staff might fall for—clicking on that malware link or handing over their credentials.
All of this means school IT leaders now face a race they can’t win alone. On one side, AI systems can generate thousands of targeted attacks in minutes. On the other, they’re struggling to train teachers, students, and administrators to spot threats while also keeping ancient servers running and managing device deployments. It’s well known that trying to split yourself between too many tasks never ends well — it kills productivity and doubles mistakes and blind spots. So yes, the balance isn’t exactly fair.
What Needs to Change (And Why It Won’t Be Easy)
The education sector is maturing in how it thinks about cybersecurity, which is good. School IT leaders are becoming more realistic about their limitations and aware of the threats they face. Despite being overwhelmed and stretched thin, they keep pushing their limits to conduct more assessments, invest in training and new cybersecurity systems, and build stronger defenses against emerging cyber risks.
However, awareness doesn’t equal capability, and the same structural problems keep showing up: insufficient staffing, limited budgets, outdated infrastructure, and inadequate training for end users. The same old issues have remained unsolved for years. But the bad news is that cybercriminals have gotten smarter, faster, and more sophisticated thanks to AI technologies. Too many schools, on the other hand, are still trying to solve 2025-2026 problems with 2015 resources.
In reality, each and every school will have to make sustained investments, implement structural reforms, and demonstrate real commitment to cybersecurity. This means hiring dedicated cybersecurity professionals and leveraging solutions like autonomous endpoint management platforms (Action1), EDR, XDR, and anti-phishing tools to minimize the chance of experiencing a successful cyberattack.
But altogether, these measures can become worthless if there’s no culture where security is everyone’s responsibility, not just the IT department’s problem. Everyone, from students and teachers to staff members with computer access, should take an active role in spotting and reporting phishing attempts and keeping their devices up to date. The unpleasant truth is that until that happens, schools will likely keep fighting this losing battle, becoming more aware of the risks but still unable to fully address them.
Visit for Full Report:
About Action1
Action1 is an autonomous endpoint management platform trusted by many Fortune 500 companies. Cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching with peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates routine labor, preempts ransomware and security risks, and protects the digital employee experience.
In 2025, Action1 was recognized by Inc. 5000 as the fastest-growing private software company in America. The company is founder-led by Alex Vovk and Mike Walters, American entrepreneurs who previously founded Netwrix, a multi-billion-dollar cybersecurity company.
