Evaluating the Level of Cybersecurity Awareness of Employees in the Wellbeing Services County of South Ostrobothnia
Kangas, Janne (2026)
2026
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202604075734
https://urn.fi/URN:NBN:fi:amk-202604075734
Tiivistelmä
Healthcare organisations face increasing levels of cybersecurity threats with digitalisation increasing rapidly over the past few years. These threats are growing in the level sophistication each day as the implementation of artificial intelligence is added to the equation whether it is to defend against attacks or create them.
Humans in the context of cybersecurity are seen as one of the easiest ways to breach an organisation due
to technical measures being unable to perfectly account for the human factor when defending against at-
tacks. This has led to malicious actors utilising employees of organisations to gather and steal confidential
information.
In Finland, wellbeing services counties were formed in 2023. Different organisations were merged to create
big organisations that in most cases amounted to having the number of employees increased by an order of
magnitude. This meant that employees of the newly formed organisations had to adapt to different set of
guidelines and policies surrounding cybersecurity and in some cases without proper orientation taking
place. Previous organisations had varying levels of cybersecurity knowledge and different sets of rules what
the employees had to follow and the need for measuring how the employees have adapted to this new environment rose, with the addition of their perception of using artificial intelligence when it comes to work.
The study was implemented using a quantitative method where a survey was conducted for the employees
of the Wellbeing Services County of South Ostrobothnia. The survey was implemented with four different
main categories: compliance, awareness, incident and artificial intelligence. Variations between age and the
area of operation were taken into account to see whether these demographic factors had an impact on the
results.
Findings of this study show that to get an accurate overview on the level of cybersecurity awareness that
the employees have, the level must be quantitatively measured. Results show, that there are no significant
changes when it comes to the level of cybersecurity awareness or the view on artificial intelligence based
on demographic variables.
Evaluating the Level of Cybersecurity Awareness of Employees in the Wellbeing Services County of South Ostrobothnia
Humans in the context of cybersecurity are seen as one of the easiest ways to breach an organisation due
to technical measures being unable to perfectly account for the human factor when defending against at-
tacks. This has led to malicious actors utilising employees of organisations to gather and steal confidential
information.
In Finland, wellbeing services counties were formed in 2023. Different organisations were merged to create
big organisations that in most cases amounted to having the number of employees increased by an order of
magnitude. This meant that employees of the newly formed organisations had to adapt to different set of
guidelines and policies surrounding cybersecurity and in some cases without proper orientation taking
place. Previous organisations had varying levels of cybersecurity knowledge and different sets of rules what
the employees had to follow and the need for measuring how the employees have adapted to this new environment rose, with the addition of their perception of using artificial intelligence when it comes to work.
The study was implemented using a quantitative method where a survey was conducted for the employees
of the Wellbeing Services County of South Ostrobothnia. The survey was implemented with four different
main categories: compliance, awareness, incident and artificial intelligence. Variations between age and the
area of operation were taken into account to see whether these demographic factors had an impact on the
results.
Findings of this study show that to get an accurate overview on the level of cybersecurity awareness that
the employees have, the level must be quantitatively measured. Results show, that there are no significant
changes when it comes to the level of cybersecurity awareness or the view on artificial intelligence based
on demographic variables.
Evaluating the Level of Cybersecurity Awareness of Employees in the Wellbeing Services County of South Ostrobothnia