Woburn, MA – June 29, 2021 – Today Kaspersky released a new survey report showing that 55% of parents in the United States have experienced at least one cyberattack against the schools their children were attending. In addition, 72% of the surveyed parents said they support having their child’s school pay the ransom in the event of a ransomware attack, compared to 28% of parents who said their school should never pay. Kaspersky surveyed more than 1,000 parents of school-age children in the U.S. in order to learn, for the first time, about how parents perceive the issue.

According to government data, ransomware attacks on schools doubled to reach 57% of all ransomware incidents in the fall of 2020, up from 28% over the prior spring and summer. Attackers have demanded tens of millions of dollars in many cases, and several schools have paid ransoms in an effort to keep schools open and avoid the misuse of sensitive student data.

The survey found that 29% of parents would want their school to pay more than $100,000, including 5% who would pay more than one million, and another 11% who would pay any amount requested. Other parents would pay smaller amounts, with 43% who would pay varying amounts up to $100,000.

“Given the sensitivity around protecting young students, parents and authorities are unfortunately likely to cave into financial demands in the event of a wide, distributed breach of data,” said Ali Hirji, research and project lead at the AI Hub & Centre for Cybersecurity Innovation at Durham College. “With our virtual delivery format and heightened anxieties, teachers and admins are expected to deliver instant responses and this ultimately presents a major vulnerability.”

“One of the reasons the ransomware problem has gotten so huge is because organizations are paying up,” said Kurt Baumgartner, principal security researcher at Kaspersky. “No one should pay a ransom. It funds criminal activity. Instead, schools and other organizations should take steps to prepare for cyber incidents so they don’t find themselves in a desperate situation. Students and their parents can also protect themselves by practicing basic security hygiene.”

Forty-one percent of parents whose schools were attacked said it happened multiple times.

Only 34% of parents whose school experienced a cybersecurity incident were notified immediately by the school. Fifty-seven percent of parents heard about it first from another source, such as their child (10%), other parents (13%), the local news (14%), or social media (20%). Eight percent said they first heard about the incident from the school, but not until long after the incident.

Still, parents remained mostly confident in their school districts’ efforts. More than two-thirds (68%) said they think their school is somewhat or very prepared. Eighty percent said their schools have communicated in some way about their cybersecurity preparedness. Eighty percent also said the school had shared best practices for students and parents.

Parents are also playing their part. Seventy-five percent said they talk with their children at least regularly about practicing good security hygiene, addressing topics such as the importance of using strong passwords.

Kaspersky surveyed 1,014 parents of children in U.S. elementary, middle and high schools, between May 4, 2021 and May 11, 2021.

The full results of the survey are available here.

Kaspersky experts recommend parents and students do their part to protect themselves, their classmates and their school networks by taking basic steps such as:

  • Backing up important data stored on their devices
  • Protecting accounts with a strong, unique password for each one, and using multifactor authentication whenever it’s offered
  • Installing consumer security solutions on their devices
  • Avoid clicking links in spam emails or on unfamiliar websites and never open email attachments from unknown senders.

Kaspersky recommends that school IT administrators:

  • Always promptly install available software updates
  • Back up data regularly and make sure it would be quickly accessible in an emergency
  • Focus their defense strategies on detecting lateral movements and data exfiltration to the internet
  • Never pay a ransom and instead contact law enforcement and visit kaspersky.com to find the latest decryptors and ransomware removal tools.

Supporting Resources:

 About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media Contact

Sawyer Van Horn


(781) 503-1866


Majority of parents have experienced school cyberattacks, 72% support paying ransomware attackers

Kaspersky Logo