Cyber security, safety and ethics education falls short in U.S. schools

America's young people aren't receiving adequate instruction to use digital technology and navigate cyber space in a safe, secure and responsible manner and are ill-prepared to address these subjects, according to a new poll released by the National Cyber Security Alliance (NCSA) and supported by Microsoft Corporation. The State of K-12 Cyberethics, Cybersafety and Cybersecurity Curriculum in the U.S. Survey found that more than three quarters of U.S. teachers have spent fewer than six hours on any type of professional development education related to cyberethics, cybersafety, and cybersecurity within the last 12 months; more than 50% of teachers reported their school districts do not require these subjects as curriculum; and only 35% taught proper online conduct.

Yet, despite this lack of professional development and consistent teaching of Internet safety, the survey shows that America's teachers, school administrators, and technology coordinators strongly agree that cyberethics, cybersafety and cybersecurity curriculum should be taught in schools.

The poll, conducted by Zogby International, surveyed more than 1,000 teachers, 400 school administrators and 200 technology coordinators, and has supporting analysis conducted with the Maryland-based research organization Educational Technology, Policy, Research and Outreach (ETPRO).

Among the key findings of the survey:

• More than 90% of technology coordinators school administrators and teachers support teaching cyberethics, cybersafety and cybersecurity in schools. However, only 35% of teachers and just over half of school administrators report that their school districts require cyberethics, cybersafety, and cybersecurity in their curriculum.

• Low levels of integration of key cyberethics, cybersecurity, and cybersafety topics into everyday instructional activities. For example, only 27% of teachers taught about the safe use of social networks, only 18% taught about scams, fraud and social engineering, and only 19% taught about safe passwords in the past 12 months. Additionally, 32% of teachers indicated they had not taught cyberethics, and 44% of teachers had not taught cybersafety or cybersecurity.

• Differing opinions between teachers and administrators as to who is or should be responsible (parents vs. teachers) for educating students about cyberethics, cybersafety, and cybersecurity. For example, while 72% of teachers indicated that parents bear the primary responsibility for teaching these topics, 51% of school administrators indicate that teachers are responsible.

"The study illuminates that there is no cohesive effort to provide young people the education they need to safely and securely navigate the digital age and prepare them as digital citizens and employees," said Michael Kaiser, Executive Director of the National Cyber Security Alliance. "Unfortunately, we are not meeting the needs of schools, teachers, or students. President Obama in his Cyberspace Policy Review released last year specifically calls for a 'K-12 cybersecurity education program for digital safety, ethics and security.' Now is the time for a national consensus to move forward to achieve that goal."

The survey also found a high reliance on shielding students instead of teaching behaviors for safe and secure Internet use. More than 90% of schools have built up digital defenses, such as filtering and blocking social network sites, to protect children on school networks. While these defenses may help reduce the online risks children face at school, they do not prepare students to act more safely and responsibly when accessing the Internet at home or via mobile devices.

"Schools can be assisted via partnerships between public and private-sector entities," said Jacqueline Beauchere, a Director in Microsoft Corporation's Trustworthy Computing Group, and the company's representative to NCSA's Board of Directors. "Such partnerships encourage information and idea-sharing and, most importantly, help give teachers the training they need and want so they can instruct their students about cybersecurity, cybersafety and cyberethics."

The survey adds to the findings from the 2008 National Cyberethics, Cybersafety, Cybersecurity Baseline Study, which was the first comprehensive research related to cyberethics, cybersafety, and cybersecurity awareness, training, and need in the K-12 community. The 2010 poll was designed to provide an updated snapshot of educational awareness policies and practices around these subjects.

The poll was conducted between December 29, 2009 and January 11, 2010, and has a margin of error of +/- 3.2%. The complete study is available at