Cybersecurity awareness and hygiene development in Finnish vocational education: staff perceptions, training gaps and diverse learning pathways
Ojala, Anna-Liisa; Sipola, Tuomo; Saharinen, Karo (2025)
Emerald Publishing
2025
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi-fe2025081983394
https://urn.fi/URN:NBN:fi-fe2025081983394
Tiivistelmä
Purpose
This study examines cybersecurity awareness and hygiene development among staff in Finnish vocational education institutions. It explores perceived skill levels, training methods, gaps between awareness and action, and diverse learning pathways. It also investigates how organisational learning influences cybersecurity practices.
Design/methodology/approach
A qualitative approach was employed, involving thematic interviews with 27 staff members from three vocational institutions across Finland. The data, including limited observation notes, were analysed inductively using thematic analysis to identify patterns related to cybersecurity competence and training experiences.
Findings
The findings reveal significant variation in cybersecurity awareness, skills, and practices among staff. While some demonstrate high competence, others rely on assumptions or outdated routines. Formal training is often generic learning, while more reflective and adaptive learning occurs through informal networks and peer collaboration. Gaps exist in preparing staff to manage real data in simulated and workplace learning environments.
Originality
This research addresses a gap in cybersecurity studies by focusing on vocational education, a sector with distinct responsibilities and risk surfaces. It highlights the importance of tailoring training and recognising informal learning.
Research limitations/implications
The study’s qualitative scope limits generalisability. Broader samples and cross-sector comparisons are recommended.
Practical implications
Institutions should strengthen diverse learning pathways, align training with staff roles and responsibilities, and support reflective learning practices that acknowledge the specific cybersecurity demands of vocational education’s close connection to real-world workplaces.
Social implications
Improved cybersecurity hygiene in vocational education benefits not only institutions but also the industries they support through student placements.
This study examines cybersecurity awareness and hygiene development among staff in Finnish vocational education institutions. It explores perceived skill levels, training methods, gaps between awareness and action, and diverse learning pathways. It also investigates how organisational learning influences cybersecurity practices.
Design/methodology/approach
A qualitative approach was employed, involving thematic interviews with 27 staff members from three vocational institutions across Finland. The data, including limited observation notes, were analysed inductively using thematic analysis to identify patterns related to cybersecurity competence and training experiences.
Findings
The findings reveal significant variation in cybersecurity awareness, skills, and practices among staff. While some demonstrate high competence, others rely on assumptions or outdated routines. Formal training is often generic learning, while more reflective and adaptive learning occurs through informal networks and peer collaboration. Gaps exist in preparing staff to manage real data in simulated and workplace learning environments.
Originality
This research addresses a gap in cybersecurity studies by focusing on vocational education, a sector with distinct responsibilities and risk surfaces. It highlights the importance of tailoring training and recognising informal learning.
Research limitations/implications
The study’s qualitative scope limits generalisability. Broader samples and cross-sector comparisons are recommended.
Practical implications
Institutions should strengthen diverse learning pathways, align training with staff roles and responsibilities, and support reflective learning practices that acknowledge the specific cybersecurity demands of vocational education’s close connection to real-world workplaces.
Social implications
Improved cybersecurity hygiene in vocational education benefits not only institutions but also the industries they support through student placements.