This year’s cybersecurity trends reflect the need for more focused cybersecurity programs that emphasize business continuity and collaborative risk management. School Board leadership need to ensure that their Board IT and Cybersecurity strategies and practices enable value and double down on embedding organizational and human resilience. Boards need to build cybersecurity into the culture of their organizations and people.
In looking at the trends, they fall into three areas: enabling transformation, embedding resilience, and enabling transformation and embedding resilience.
Enabling transformation
Generative Artificial Intelligence (GenAI) driving data security programs
The demand for GenAI, whether through third-party services, business and curricular applications or custom architectures, is growing as organizations seek AI-driven value. However, Boards should be concerned about protection of personally identifiable information, age of students, protection of intellectual property, use of copyrighted material, accuracy of generated responses, and identification that generative AI was used.
Collaborative cyber-risk management
As Boards make technology investment decisions, they need to incorporate centralized cyber-risk management, scale, reduce friction and build in agility. Business adoption of transformative technologies like GenAI rapidly evolves the cyber-risk landscape.
Managing machine identities
Boards need to understand and manage their nonhuman identities and access for machines. As Boards modernize their processes and systems, the rise of cloud services, automation, DevOps and AI, there is an expanded use machine accounts and credentials for physical devices and software workloads. Managing and securing these identities become more critical.
Embedding resilience
Transitioning to cyber resilience
Boards need to shift from a prevention mindset to focusing on building cyber resilience, which emphasizes minimizing impact and enhancing adaptability by adopting a “when, not if” mentality and accepting that incidents are inevitable.
Cybersecurity technology optimization
As cybersecurity technology options expand and large vendors push for consolidation into broad platforms, Boards must manage this tension. While these platforms aim to reduce complexity and cover more threats, they often overlap with point solutions, leading to potential inefficiencies and the need for additional tools to fill gaps.
IT and security team wellbeing
IT leadership and security team burnout is a major concern, especially given the significant skills shortage in the industry, and in particular the K-12 sector. Forward-thinking leadership emphasize mental health, prioritizing their own stress management and investing in team well-being initiatives to enhance resilience.
Enabling transformation and embedding resilience
Tactical AI
Organizations and leaders initially faced disappointment with AI due to GenAI hype but have since shifted to focusing on narrower, measurable use cases. Boards need to be more tactical with their AI tool implementations aligning them with existing metrics and initiatives to enhance visibility and demonstrate the real value of AI investments.
Extending the value of security behavior and culture programs
Security behavior and culture programs are now pivotal for organizations. Boards need to build on the value these programs for enhancing cybersecurity, leading to a strategic shift toward embedding security into organizational culture by focusing on human-level risk understanding and ownership.
Managing third-party cybersecurity risks
As the reliance on third parties using GenAI tools increases, so does the need for strong response and recovery strategies. Boards need to ensure they have policies for pausing or exiting third-party relationships and work to manage the risks.