Serious games to tackle serious threats: how gamification can transform your cyber security e-learning

First things first: what’s gamification?

It depends on the context. In recent years ‘gamification’ and ‘serious games’ have grown to become popular buzzwords reaching far beyond niche creative agencies: from your online shopping to tax declarations, digital experiences everywhere are now ‘gamified’. Gamification is essentially using game mechanics to deliver learning – improving engagement and retention.

This broad application of the concept gives rise to debates about the terminology itself: do you know the difference between ‘gamification’ and ‘serious games’, for example? In an attempt to respond to this question, specialists refer to different ‘levels’ or ‘degrees’, depending on the amount of ‘game mechanics’ present in a solution.

The truth is that it’s all subjective and there is no single reference framework. For example, a gamified corporate induction process will share few characteristics with a game designed to teach students of French new verbs; so it can be difficult – even counterproductive – to impose specific labels. Ultimately, whatever the name, the key takeaway is that its form and application depend on its intended purpose.

Okay, so what are these ‘game mechanics’?

These are the devices that make games fun, and even addictive. Common game mechanics include simple behavioural stimuli like competition or reward. They are the motivators that drive us to return for another round of Scrabble or Candy Crush Saga. Most of our favourite games share common characteristics: collecting items, avoiding losing something, time pressure, progress through levels, and so on. When applied correctly, these ‘drivers’ can be powerful tools in adult learning and behaviour change initiatives, including the field of cyber security.

Benefits for cyber security e-learning

Keeping the above in mind, we’ll examine two cyber security awareness challenges and how integrating game mechanics can help address them.

Example 1

Challenge: a lack of motivation and sense of responsibility

A common issue when it comes to cyber security awareness training is a lack of buy-in and engagement with the subject. Employees often feel that protecting the organisation is the responsibility of the IT department, and that any potential threat is so abstract and removed from their remit that there is no point in even attempting to understand it.

Gamified solution: threat personification and competition – defeat the cyber criminal

This type of disengagement can be addressed by personifying the threat as a cyber criminal who acts as the learner’s virtual opponent in an online quiz. Through this exercise, employees will feel that their awareness can, in fact, protect their organisation. If learners lose the challenge, they can be presented with a number of consequences of cyber attacks, such as losses in revenue and reputational damage.


In this example, our learner must beat the hacker before they catch up.

Example 2

Challenge: the gap between knowledge and workplace application

It is a well-established fact that there is a significant difference between knowledge and application, and this is just as true for cyber security awareness training. In practice, this means that most users remember enough of the information presented to them in an endless ‘click next’ marathon to pass the multiple-choice test at the end. But the same users are not likely to adopt the right behaviours and reflexes on the job.

According to a common learning design evaluation model, this is the difference between “learning” (the degree to which the intended knowledge is acquired) and “behaviour” (the degree to which participants apply what they have learned). When measuring return on investment, behaviour change is an essential success factor. It is the factor that makes the difference between a tick-box audit trail showing that “everyone has completed the training” and actually avoiding serious losses through a malicious email link, for example.

Gamified solution: storytelling, challenges and real-time consequences – lead your character to make the right decisions

To bridge the gap between theoretical knowledge and workplace application, we can apply proven techniques, such as storytelling and branching scenarios, to make learners active participants in the experience and foster the right reflexes for real-life situations that could arise on the job.

To limit the length of your awareness e-learning, these challenges can be introduced through a problem-based approach to content delivery. This means that rather than being presented with the information followed by some test questions, learners are given a practical challenge first and are then encouraged to find the solution. By either failing to discover the right behaviour to adopt or having to actively search for it, employees are more likely to remember the content of the challenge at hand, and they also practise the hands-on actions and behaviour expected of them without exposing the organisation to real risk.


In this example, the learner has to decide how to handle the customer’s payment card data in a safe way.

To use gamification effectively in e-learning, it’s essential to avoid applying it indiscriminately: it should be meaningful and appropriate to the context and purpose.

Our Information Security and Cyber Security Staff Awareness E-learning Course lends itself to game mechanics.

This interactive e-learning course helps employees learn about the most important elements of information security and cyber security. It teaches them how to reduce the likelihood of human error by focusing on common staff-related cyber security threats and providing guidance on how to recognise and mitigate them.


The best way of implementing gamification in your e-learning programme is to create a bespoke programme with us. Our experts will work with you to determine the gaps in your employees’ knowledge and create a programme that fits your needs entirely, and will develop it using the best learning techniques, including gamification where appropriate.
