Action1 Cybersecurity in Education Report 2025

Action1 surveyed over 350 school IT leaders and administrators worldwide to evaluate the state of school cybersecurity midway through the 2025–2026 academic year.

Building on insights from our 2024 survey, this study provides a comprehensive, year-over-year view of how schools are navigating growing operational pressures, persistent staffing gaps, and an increasingly complex threat landscape. It highlights where vulnerabilities remain, how schools are responding to evolving risks, and which emerging threats — from ransomware to AI-powered phishing — are shaping the cybersecurity priorities for the year ahead.

Key Insights

Two-thirds of school IT leaders rate their cybersecurity posture as moderate, while only 18% feel highly confident (down from 30% in 2024), reflecting a more realistic understanding of today’s complex threat environment.
Over 85% of schools experienced at least one incident, with phishing, unauthorized access, and malware most common. Some incidents caused data exposure, learning disruption, or financial/reputational harm.
Nearly 40% of schools feel under-supported against ransomware, and three-quarters lack a dedicated cybersecurity specialist, even as budgets and awareness improve.
Regular vulnerability assessments are increasing, yet almost one-third of schools run phishing simulations only annually or not at all, leaving gaps against the most common attacks.
A striking 92% of school IT leaders see AI-powered phishing as the most dangerous threat in the coming year, surpassing even ransomware.

Get the full insights from the Action1 Cybersecurity in Education Report 2025–2026.

عرض التقرير