October is Cybersecurity Awareness Month, a reminder that protecting digital learning requires more than technical safeguards—it requires strategy, leadership, and measurable value. We will highlight two examples in this blog.
Example 1: One Texas School District Realized a 55% reduction in cyber insurance costs over two years.
For one Texas school district, conducting a comprehensive cybersecurity self-assessment and third-party evaluation became the turning point that transformed its security posture while delivering a clear return on investment.
The evaluation was not treated as a checklist but as a roadmap for improvement. Leaders recognized three powerful drivers:
- Stakeholders expect reliability. Schools must ensure uninterrupted learning and operational continuity.
- Insurers expect stronger protections. With rising cyber risks, districts must demonstrate maturity before coverage is granted.
- Communities expect confidence. Families, staff, and students need assurance that their data and learning experiences are safe.
Guided by these realities, the district advanced governance, vendor risk management, and incident response capabilities. Awareness campaigns engaged the entire community. Most notably, strategic improvements resulted in a 55% reduction in cyber insurance costs over two years—a measurable Value of Investment (VOI) that allowed resources to be redirected into instructional technology, staff development, and student tools.
The evaluation also unlocked new opportunities for funding. By documenting needs and strategies with evidence, the district strengthened grant applications, secured external support, and accelerated professional development. This created a cycle of improvement where evaluation informed investment, and investment fueled greater resilience.
Perhaps the greatest value of the evaluation was not only in reducing costs or strengthening protections, but in how it reshaped the district’s culture. The process emphasized a commitment to continuous improvement—identifying gaps, setting priorities, and building capacity year after year. Instead of viewing cybersecurity as a one-time project, leaders framed it as an ongoing journey.
The evaluation also became a unifying force. By engaging leaders, educators, IT staff, and the broader community, the district built a shared focus on improvement. Every stakeholder could see where the district stood, what progress had been made, and where collective effort was still needed. This transparency turned accountability into alignment, and alignment into momentum.
Ultimately, the evaluation proved to be more than an audit—it was a catalyst for growth. It brought the district together, closed gaps that once felt overwhelming, and reinforced the belief that cybersecurity, when approached strategically, delivers measurable value while inspiring continuous progress.
VOI Measurements are Not Only Monetary
Most school districts have gone to 1 to 1. At the same time, staff have transitioned from traditional desktops to laptops. This organic transformation has turned school students and personnel into a mobile workforce. This mobilization has fundamentally changed the role of the IT department. Gone are the days when the institution was an 8-hour, 5-business-day-a-week organization. Districts have become 24/7 IT organizations. This new normal also comes with a larger attack surface for endpoint protection.
These new service hours can be handled in many ways.
- Avoidance – First, do not worry about the endpoints when not in school. Just ignore the new norm.
- Notification – A second approach is to set up alerts to send to staff and hope a staff member addresses the issue.
- 24/7 Monitoring – A third is to set up staff for paid coverage to address the alerts. This third option brings financial and personal costs.
- Automation & EDR – A very popular fourth option is to now convert their Endpoint Detection and Response (EDR) to a Managed Detection and Response (MDR). The MDR brings an enterprise-level Security Operations Center (SOC) watching a client’s endpoints with the power to respond before contacting IT staff.
The VOI of an MDR can be measured in multiple ways. A quick measurement is the cost saving of offloading the complicated coverage to a company that can leverage global SOCs and economies of scale. A second measurement would be the increased cybersecurity score due to the use of the MDR. The value shows all stakeholders that the use of the solution makes the organization more secure.
CoSN Strength in Numbers: From Cybersecurity and Strategy to Measurable Value
CoSN has long advocated that school systems apply a Value of Investment (VOI) and Total Cost of Ownership (TCO) mindset to technology decisions. This example demonstrates how cybersecurity evaluations fit directly into that framework: they don’t just reduce risk, they strengthen financial stewardship, operational excellence, and community trust.
The lesson is clear: cybersecurity evaluation is not just a technical activity—it is a strategic opportunity. When leaders approach the process with intention, they build resiliency, inspire confidence, and demonstrate measurable value.
Stay tuned! This Spring 2026, CoSN will launch a brand-new 8-week course: Unlocking the Value of EdTech Investments: VOI/TCO for Education Leaders.
This Cybersecurity Awareness Month, CoSN encourages all districts to consider how evaluation can be leveraged as a powerful tool for both protecting learning and proving impact.
AUTHOR: Frankie Jackson (TX)
CoSN Cybersecurity Committee member
Published on October 27th, 2025
CoSN is vendor neutral and does not endorse products or services. Any mention of a specific solution is for contextual purposes.
