According to K-12 Dive two things are happening simultaneously in education cybersecurity. Ransomware groups are becoming more sophisticated in how they target education platforms. And government officials are beginning to shift accountability toward the ed-tech vendors rather than the school divisions that trusted them. Virginia Code Section 22.1-20.2:1 is already moving in that direction. The vendor agreement language it requires is not bureaucratic box-checking. It is the first layer of that accountability in practice.
