Texas set aside millions to help schools fight hackers. Why is most of it still untouched?
The first call came in the early hours of the morning in the fall of 2021, informing the Allen Independent School District Director of Technology, Nelson Orta, that there was an issue. A ransomware attack had paralyzed Allen schools.
"We got people back online that same day, within hours," Orta said. "But behind the scenes, there's a lot happening."
For the next three months, Orta said the district underwent a massive repair and investigation operation. It was a process that turned out to be costly.
School records obtained by the I-Team show that while Allen ISD never sent a penny in ransom to hackers, between security contractors, IT repairs and legal fees, the response to this one cyberattack cost the district more than $385,000.
"The reality is that these things cost money," Orta said. "Defending against threats, modernizing and upgrading, having staff that knows how to do those things and can implement and monitor on a daily basis, costs money."
Schools and cybersecurity
Allen ISD isn't alone. Schools have become prime targets for computer hackers.
Between July 2023 and December 2024, 82% of K-12 schools experienced a cyberattack, . That same report showed 86% of schools said a lack of funding was their top concern in defending against cyberattacks.
To address the issue in Texas, two years ago, state lawmakers set up the K-12 Cybersecurity Initiative, setting aside $55 million to help schools protect their computer systems.
But despite the need, the I-Team found that nearly two years into the program, only a fraction of the money has been used.
Leaving money on the table
Of the more than 900 school districts in Texas, only 300 had applied as of January 2025, according to records from the Texas Education Agency. By the time this two-year program ends in September, $28 million will be left on the table.
The TEA said many school districts were hesitant to apply, fearing that if the funding ends, they would have to pull money from other parts of the budget or quickly change cybersecurity plans. Other districts didn't apply because they didn't initially qualify.
When the program was first unveiled, only districts with fewer than 15,000 students were eligible. The threshold has since been raised to districts with fewer than 50,000 students.
See the map below for details on which school districts have applied for assistance from the K-12 Cybersecurity Initiative:
While hundreds of districts didn't apply, many that did said the program has helped them enhance security in ways they wouldn't have been able to otherwise.
Megan Corns, the Chief Technology Officer at Red Oak ISD, said she "absolutely" believes the program has helped prevent a cyber incident. The district received nearly $30,000 from the state. She said the money paid for a cyber detection response system.
"Which really just provides us a security guard to watch over all the devices and tell us if there's anything malicious on a device," Corns said. "That's something that I couldn't staff. I'm not going to be able to have a staff member that's going to be able to watch all of the devices at the same time."
As of January, the state reported that detection response systems funded by the program have blocked more than 1,400 ransomware-related activities.
In April, Allen ISD became the latest school district to benefit from the K-12 Cybersecurity Initiative. The district received $175,000.
In an email to the I-Team, a TEA spokesperson said that while "the program took some time to get started," the agency expects more school districts to apply if funding is renewed for another two years. The TEA is asking state lawmakers for $42 million to fund the program through September 2027.
