Cybersecurity awareness and hygiene development in Finnish vocational education: staff perceptions, training gaps and diverse learning pathways
This study aims to examine cybersecurity awareness and hygiene development among staff in Finnish vocational education institutions. It explores perceived skill levels, training methods, gaps between awareness and action and diverse learning pathways. It also investigates how organisational learning influences cybersecurity practices.
A qualitative approach was used, involving thematic interviews with 27 staff members from three vocational institutions across Finland. The data, including limited observation notes, were analysed inductively using thematic analysis to identify patterns related to cybersecurity competence and training experiences.
The findings reveal significant variation in cybersecurity awareness, skills and practices among staff. While some demonstrate high competence, others rely on assumptions or outdated routines. Formal training is often generic learning, while more reflective and adaptive learning occurs through informal networks and peer collaboration. Gaps exist in preparing staff to manage real data in simulated and workplace learning environments.
The study’s qualitative scope limits generalisability. Broader samples and cross-sector comparisons are recommended.
Institutions should strengthen diverse learning pathways, align training with staff roles and responsibilities and support reflective learning practices that acknowledge the specific cybersecurity demands of vocational education’s close connection to real-world workplaces.
Improved cybersecurity hygiene in vocational education benefits not only institutions but also the industries they support through student placements. This research addresses a gap in cybersecurity studies by focusing on vocational education, a sector with distinct responsibilities and risk surfaces. It highlights the importance of tailoring training and recognising informal learning.
Authors
Anna-Liisa Ojala, Tuomo Sipola & Karo Saharinen
Cite as
Anna-Liisa Ojala, Tuomo Sipola, Karo Saharinen; Cybersecurity awareness and hygiene development in Finnish vocational education: staff perceptions, training gaps and diverse learning pathways. Information and Computer Security 2025; https://doi.org/10.1108/ICS-12-2024-0311
