New Research from Absolute Underscores Educational Organizations Vulnerable to Cyber Attacks

October 01, 2019

VANCOUVER, British Columbia — October 1, 2019 — Absolute (TSX: ABT), the leader in endpoint resilience, today announced the introduction of a new research report titled ”Cybersecurity and Education: The State of the Digital District in 2020,” focused on the state of IT security, staff and student safety, and endpoint device health in K-12 organizations. The report’s findings highlight the crisis the education sector is facing as schools grapple with high levels of risk exposure – driven in large part by complex IT environments and digitally savvy student populations – that have made them a prime target for cybercriminals and ransomware attackers.

The summer months of 2019 saw the number of publicly-disclosed security incidents in K-12 school districts in the U.S. reach 160, exceeding the total number incidents reported in 2018 by 30 percent. In July alone, school districts in New Mexico, Nevada, Louisiana, Oklahoma, Alabama, Connecticut, and New York fell victim to cyber attacks. Schools are now the second-largest pool of ransomware victims, just behind local governments and followed by healthcare organizations.

Technology has proliferated the digital campus as K-12 organizations continue to rise to the challenge of modernizing classroom environments and harnessing the power of digital learning; 82 percent of schools now provide students with devices. But, the unstructured growth has created mass complexity for resource-constrained K-12 IT leaders tasked with ensuring the security and privacy of students and staff. The report’s findings emphasize this, revealing that IT leaders are now responsible for collectively managing more than 250 unique OS versions and that 93 percent are managing up to five versions of common applications.

“Today’s education IT leaders have been tasked with a remarkable feat: adopting and deploying modern learning platforms, while also ensuring student safety and privacy and demonstrating ROI on security and technology investments,” said Christy Wyatt, CEO of Absolute. “And this is not something that can be achieved by simply spending more money, especially when that money comes from public funds. The questions they each need to be asking are whether they have the right foundational security measures in place, and whether the controls they have already invested in are working properly. Without the critical elements of a strong and resilient security approach – things like visibility and control – it becomes nearly impossible to protect your students, your data, and your investments.”

Also among the report’s top findings is the number – 319 – of unique web proxy and rogue VPN applications discovered in K-12 environments, as tech savvy students look for ways to bypass security controls. Forty two percent of schools have students using these apps to mask their online activity, jeopardizing not only their own privacy and safety but also opening up the entire school network to malware, ransomware, and other viruses.

Other key insights from the report include:

Modern education environments are more technologically diverse and complex than ever. Across the K-12 organizations studied, we identified:

  • More than 250 unique OS versions of Windows, Mac, Linux, and Chrome
  • 137,000 unique application versions
  • More than 6,400 unique Chrome extensions

Ineffective native management tools, heavily relied on by education IT teams, create significant device management and security challenges.

  • More than half of K-12 organizations (53 percent) rely on native client/patch management tools
  • Native client/patch management agents experience a 56 percent failure rate

Public funding dollars are largely wasted on ineffective and decaying endpoint security controls.

  • More than one third (38 percent) of endpoint agents require at least one repair monthly
  • An average of 9 devices per day experience encryption agent failure (per school, where encryption is in place)
  • Half (50 percent) of failing encryption agents fail more than 25 times per month

A full version of the report, “Cybersecurity and Education: The State of the Digital District in 2020​,” is available for download here. Absolute will also share the findings of the report during a live webinar, “Five Steps to Safeguarding Your Digital District,” on Thursday, October 24th at 10 am PT / 1 pm ET. Register for the webinar here.

For more information about Absolute, and how the company is delivering visibility, control, and resilience to thousands of education customers worldwide, visit


This report leverages data from 3.2 million devices containing Absolute’s endpoint platform, active in 1,200 K-12 organizations across North America (U.S. and Canada). Absolute is committed to customer and student privacy and data protection — only anonymized, de-identified data was used in this study.

Share this article

About Absolute Software

Absolute Software makes security work. We empower mission-critical performance with advanced cyber resilience. Embedded in more than 600 million devices, our cyber resilience platform delivers endpoint-to-network access security coverage, ensures automated security compliance, and enables operational continuity. Nearly 21,000 global customers trust Absolute to protect enterprise assets, fortify security and business applications, and provide a frictionless, always-on user experience. To learn more, visit and follow us on LinkedIn.

©2024 Absolute Software Corporation. All rights reserved. ABSOLUTE, the ABSOLUTE logo, and NETMOTION are registered trademarks of Absolute Software Corporation or its subsidiaries. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.

For more information, please contact:

Media Relations
Joe Franscella
[email protected]

Financial Services