Funds For Learning’s 2026 cybersecurity report brings together eight years of survey data, federal pilot program filings, and six years of E-rate firewall funding records into a single, consistent finding: demand is well-documented, the gap is significant, and the highest-need schools are the most affected.
For years, the conversation around K–12 cybersecurity has been driven by anecdotes — ransomware attacks, insurance pressures, and growing technical complexity. What has been missing is a comprehensive, data-driven view across multiple sources.
This analysis fills that gap.
Sustained, Near-Unanimous Demand
Since 2018, Funds For Learning has asked E-rate applicants a simple question: should network security be eligible for E-rate funding?
The answer has been remarkably consistent.
Across eight years and more than 13,000 responses, an average of 97.7% of applicants support cybersecurity eligibility, with support never falling below 96%.
This is not a recent trend driven by headlines or pilot programs. It is one of the most stable signals in the history of the survey.
In 2025, respondents were also asked to rank potential eligible services. Network security placed 4th out of 10 options — essentially tied with services that are already funded.
From the perspective of applicants, cybersecurity is not emerging — it already belongs.
What Applicants Are Saying Has Changed
The numbers tell part of the story. The language applicants use tells the rest.
Funds For Learning analyzed 3,877 open-ended survey comments from 2019 through 2025. Of those, 660 comments — 15% — referenced cybersecurity directly, with that share exceeding 20% in recent years.
More important than volume is how those comments have evolved.
Earlier responses referenced “firewalls” in general terms. More recent responses name specific tools:
- Endpoint Detection & Response (EDR)
- Security Information and Event Management (SIEM)
- Multi-factor authentication (MFA)
- Zero-trust frameworks
These are not abstract requests. They reflect operational realities — cyber insurance requirements, incident response experiences, and day-to-day risk management.
A new theme has also emerged: insurance mandates. Districts are increasingly required to implement specific cybersecurity controls as a condition of coverage, creating a required cost with no corresponding E-rate funding pathway.
The Pilot Program Provided the First Real Demand Signal
The FCC’s Schools and Libraries Cybersecurity Pilot Program created the first opportunity to measure actual demand.
- Phase 1: ~2,700 applicants requested $3.7 billion
- Phase 2: 614 applicants submitted $174.4 million in detailed requests
Phase 2 data provides the clearest picture yet of how schools are allocating cybersecurity dollars.
The most important takeaway:
Demand is concentrated in services, not just equipment.
Monitoring, detection, and response represent the largest share of requests, followed by identity protection and endpoint security. This reflects a shift toward ongoing, managed security — not one-time hardware purchases.
This is a key mismatch with the current E-rate program structure.
The Gap: 30:1 — and Larger in Practice
Today, E-rate’s primary cybersecurity-related support is limited to “basic” firewall hardware under Category 2.
Over the past six years, that has amounted to approximately $41 million annually.
When compared to:
- $3.7 billion in Phase 1 pilot demand, or
- $174.4 million from a limited Phase 2 cohort,
the gap becomes clear.
Depending on how the comparison is framed, the shortfall ranges from roughly 30:1 to 90:1.
And even that understates the issue.
The current funding baseline excludes:
- Software subscriptions
- Threat intelligence
- Managed services
In other words, it captures what the program allows — not what schools actually need.
The Program Is Reaching the Right Schools
One finding is particularly important for policymakers.
The existing program is successfully targeting high-need applicants.
- 99.6% of Phase 2 applicants qualify at the 90% discount level
This confirms that the E-rate equity mechanism is working as intended.
The issue is not who the program serves.
It is what the program allows them to purchase.
What This Means
The data points to a clear conclusion:
- Demand has been consistent for nearly a decade
- Applicant needs have become more sophisticated
- Real-dollar requests confirm the scale of the gap
- The program’s structure does not align with how schools secure their networks today
This is not a question of whether cybersecurity belongs in E-rate.
It is a question of whether the program will evolve to match the reality already visible in the data.
