How Gamification Can Transform Cyber Security Awareness Training

Gamification is a phrase that’s been popping up a lot in the past few years. Essentially, it refers to the way learning materials incorporate game mechanics.

By doing this, learners are no longer simply sitting and reading or listening to study material. They instead become active participants in the training, taking quizzes, pressing buttons and competing against the clock.

Research suggests that individuals prefer to learn this way. An Adobe study found that 79% of people said they would be more productive and motivated if their learning environment was more like a game.

The evidence backs up the theory. The same study found that there was a 60% increase in learner engagement for gamified training courses, and a 43% enhancement in employee productivity.

Why is this the case? One reason is that competition is a scientifically proven method to improve motivation. Winning a contest – or even performing beyond one’s expectations – activates the reward centres in our brains and produces a rush of dopamine.

Dopamine is mostly known to improve our mood, but it also improves our attention, motivation and memory.

Benefits for cyber security e-learning

There are several benefits of gamification in cyber security training. Let’s look first at how it improves motivation.

A common issue with cyber security awareness training content is a lack of buy-in and engagement with the subject.

Employees often feel that protecting the organisation is the responsibility of the IT department.

Any potential threat is so abstract and removed from their remit that there is no point in attempting to understand it.

You can address the lack of engagement by personifying the threat as a cyber criminal who acts as the learner’s virtual opponent in an online quiz.

Through this exercise, employees will feel that their awareness can protect their organisation.

If learners lose the challenge, they can be presented with the consequences of cyber attacks, such as losses in revenue and reputational damage.

Another major benefit of gamification is that it plugs the gap between theoretical knowledge and the practical application of lessons.

In practice, people tend to remember enough of the information presented to them in an endless ‘click next’ marathon to pass the multiple-choice test at the end. But the same users are not likely to adopt the right behaviours and reflexes on the job.

When measuring return on investment, behaviour change is an essential success factor.

Behaviour change makes the difference between a tick-box audit trail showing that “everyone has completed the training” and actually avoiding the severe losses that a malicious email link can cause.

Gamified content solves this problem by showing learners the real-world consequences of their actions.

With techniques such as storytelling and branching scenarios, you make learners active participants in the experience.

This means that rather than being presented with the information followed by some test questions, learners are given a practical challenge first and are then encouraged to find the solution.

By either failing to discover the correct behaviour to adopt or having to actively search for it, employees are not only more likely to remember the content of the challenge at hand, but also get to practise the hands-on actions and behaviour expected of them without exposing the organisation to the actual risk.

In this example, the learner has to decide how to handle the customer’s payment card data safely.

To use gamification in e-learning effectively, it’s essential to avoid applying it indiscriminately.

Game-based learning should be meaningful and appropriate to the context and purpose.

Gamification and GRC eLearning

At GRC eLearning, we are big proponents of gamification. It’s why many of our training courses use the technique to boost employee engagement.

Whether you’re looking to educate your staff on occupational health and safety, physical security risks or the threat of phishing, we have you covered.

One course we recommend in particular is our Information Security and Cyber Security Staff Awareness E-learning Course, which lends itself perfectly to game mechanics.

This interactive e-learning course helps employees learn about the most critical elements of information security and cyber security.

It teaches them how to reduce the likelihood of human error by focusing on common staff-related cyber security threats and providing guidance on how to recognise and mitigate them.

A version of this article was originally published on 6 June 2019.


  • Luke Irwin

    Luke Irwin is a writer for IT Governance. He has a master’s degree in Critical Theory and Cultural Studies, specialising in aesthetics and technology.