/Passle/66030b5f24299750fade21de/SearchServiceImages/2025-01-27-23-35-03-196-67981827336eac9e8b60efa9.jpg)
The most obvious preventative investment for cybersecurity protection is insurance. In recent years, however, school districts have been expected to have certain security measures in place before even qualifying for coverage (e.g., multifactor authentication, staff training, audits, etc.).
As discussed in Part I of this series, many districts struggle to maintain the necessary expertise and internal knowledge base to ensure even basic elements of cybersecurity—deterring many from following through with purchasing coverage. Aside from the threshold issue of eligibility the more pressing concern for school districts is whether cyber insurance and its ancillary costs can even be factored into what are often already designated funding resources.
That is to say, is cyber prevention even in the budget? While the answer to this question will vary depending on the state and in many cases the resources available to the district itself, there are some measures that districts, across the board, can take to better support cyber security for students and staff. First, maximize the use of free resources. For example, the federal Cybersecurity and Infrastructure Security offers free Cyber Hygiene Services that scan public-facing network and web applications for vulnerabilities and issue a weekly report to make recommendations based on its findings.
Second, districts should consider joining state and national organizations that focus on cybersecurity. These organizations are helpful for staying abreast of best practices and the most effective digital resources.
Third, districts should ensure that in purchasing cyber insurance there is a full understanding of its obligations so that it is clearly understood what requirements need to be met for coverage in the event of a breach. Check out the article for more tips and resources!
But a challenge remains for schools trying to balance the costs of cyber insurance with accommodating its prerequisites. On top of that, some districts struggle just to find the expertise and financial resources needed to cover basic cybersecurity protections.
This quagmire has actually led some districts to avoid purchasing cyber insurance altogether, said Amy McLaughlin, project director of Cybersecurity and Network and Systems Design Initiatives at CoSN. If a cyber insurance company is asking districts to pay for protections like multifactor authentication and backup systems, then they may not have enough money left over to afford the cyber insurance itself, she said.
“The challenge here is that there’s a chicken and an egg. Do I get the chicken? Do I get the egg?