Cybersecurity and unmanaged AI tools emerged as linked risks for education: a Comparitech review found ransomware incidents affecting K‑12 districts and higher‑education institutions rose in 2025, with U.S. breaches accounting for the lion’s share of stolen records—University of Phoenix, Dartmouth and University of Pennsylvania among the largest. Separately, higher‑ed IT leaders warn of ‘shadow AI’—faculty, staff and students using unvetted AI tools outside institutional oversight—that can siphon student data, violate compliance rules and create untracked attack surfaces. Institutions must pair incident response and data‑protection investments with governance policies that control third‑party tools, vet vendor security, and embed AI risk assessments in procurement.