With cyberattacks becoming frequent, Small, Medium, and Micro Enterprises (SME & ME) may be more at risk as they do not have the resources and expertise to protect themselves. For this reason, the target group includes students from the vocational training and tertiary level, as these students enter the labor market soon. Moreover, the criteria for successful teaching/learning arrangements are researched, which set the basis for further innovation.

Secondary research has been conducted to deepen the understanding of cybersecurity and the methodology of teaching/learning arrangements. Further research was devoted to available teaching/learning arrangements in cybersecurity. These findings were benchmarked and presented in an overview of available teaching/learning arrangements and with it the most important criteria and aspects of the arrangement. These arrangements were then scored using a decision analysis, which was weighted based on an expert interview. Finally, best practices were identified to use as a basis for further innovation.

This study has paved the way for the development of new innovative teaching/learning arrangements in the cybersecurity field. The research has shown that not all criteria, which are essential for a teaching/learning arrangement, have the same weighting in cybersecurity. While some are more important than others, the clear focus is to establish a culture in which students recognize their role and responsibility to cybersecurity issues. The best practice-cases from NCyTE and CyberCIEGE point out this importance. Both teaching/learning arrangements have highlighted the application of cybersecurity measures and precautions. Those measures and precautions are not only important for the student’s data and infrastructure safety but also have high importance across industries as cyber-attacks become more and more frequent. Especially for SME & MEs, the level of knowledge in cybersecurity can make a significant difference, as they do not have the resources to employ specialists.