Your School’s Cyber Risk Management Requires Teamwork

As cyber threats to K12 schools escalate, NBOA and ATLIS have issued updated guidance on cyber insurance to reflect the critical collaboration behind effective management.

Oct 11, 2022  |  By Jeff Shields, FASAE, CAE

Jeffrey Shields, FASAE, CAE
NBOA President and CEO

Any business officer who was asked the age-old question, “What keeps you up at night, in regards to your job?,” would likely include cybersecurity in their response. And for good reason. As recently as last month, the FBI issued an alert that criminal hackers were targeting K-12 schools, and escalated attacks were likely on the horizon. Risks include theft of student health information and donor financial data as well as malware and ransomware attacks. Accountability for risk management ultimately resides with your school’s board of trustees, but business officers provide daily management and oversight of this area, which traditionally includes insurance, the liaison role with general counsel and facilities management.

Because cyber insurance is relatively new, the landscape is evolving rapidly and requires careful navigation. In short, cybersecurity changes the calculus of risk management. It widens the responsibility and requires additional collaboration with your technology director to ensure a comprehensive approach to protecting your school. As in other areas of risk, the school’s board of trustees must be kept informed, in this case of the IT and security upgrades required to implement the necessary controls — and the board must approve the associated financial investments.

Another expense lever to consider is cyber insurance, premiums for which have increased in recent years, sometimes even doubling, which is markedly different from insurance coverage in other risk areas. To keep pace with cyber threats’ rate of change, the insurance industry has been changing rapidly as well. And because insurance providers know that K12 schools are a prime target for this type of threat, cybersecurity insurance premiums will likely continue to increase, and may become challenging for a school to maintain.

Guidance on Cyber Insurance for Independent Schools

For these reasons, NBOA has recently issued “Guidance on Cyber Insurance for Independent Schools on Cyber Insurance for Independent Schools” in partnership with the Association of Technology Leaders in Independent Schools (ATLIS). This resource has intentionally been developed for you and your technology director to review and implement in partnership. It’s paramount that cyber insurance and cybersecurity management be conducted at the highest administrative level of your school and in close communication with the head of school and Board.

And although our friends at ATLIS issued a version of this guidance previously, the updated guidance includes new actionable information crafted to enhance the business officer and technology director partnership. Special thanks to my friend and colleague, Christina Lewellen, the executive director of ATLIS, for inviting NBOA into the process. This opportunity allowed us to engage your peers and colleagues who serve on NBOA’s Business Officers Council, in addition to trusted business partners, to help ensure the refreshed guidance includes the business partner perspective. Our sincere thanks goes also to Fred C. Church and Bolton and Company, in addition to Ankura and Partlow Insurance for their expertise and insight.

The easy-to-use reference includes considerations for business officers and technology directors, best practices on key controls and third-party vendor contracts, concrete action steps, answers to frequently asked questions, and a technology preparedness checklist.

These days, only the rarest of challenges can be addressed effectively by a single person. Even the most accomplished individual needs partners and a good team to achieve a school’s goals. Cyber risk is certainly no exception. But by working on cyber insurance together with your technology director, you may find that you have fewer sleepless nights. As always, NBOA and ATLIS are here to help you do just that!

Jeff Shields signature

Follow NBOA President and CEO Jeff Shields @shieldsNBOA.


Jeff Shields

Jeffrey Shields, FASAE, CAE

President and CEO


Washington, DC

Jeff Shields, FASAE, CAE, has served as president and CEO of the NBOA since March 2010. NBOA is the premier national association serving the needs of business officers and business operations staff at independent schools. Shields, an active member of the American Society of Association Executives, has been recognized as an ASAE Fellow (FASAE) and earned the Certified Association Executive (CAE) professional designation. His current board service includes serving as a director for AMHIC, a healthcare consortium for educational associations in Washington, DC, as well as a trustee for the Enrollment Management Association. Previous board service includes serving as a director for the American Society of Association Executives, as a director for One Schoolhouse, an innovative online school offering supplemental education to independent schools, and as a trustee for Georgetown Day School in Washington, DC. Shields holds a BA from Shippensburg University and an MA from The Ohio State University.

Full Bio »



years is the target ceiling for a school plant's financial "age."

Get Net Assets NOW

Subscribe to NBOA's free twice-monthly newsletter.