From Boredom to Engagement: Gamification in Cybersecurity Awareness



Evangelists-Anna CollardAs someone who can barely keep up when my 10-year-old shows me around his Minecraft worlds, I was a bit apprehensive about writing a review of our gamified cybersecurity awareness module.

But hey, maybe being a bit of a klutz at gaming might actually be beneficial from a test case point of view, and who doesn't like a challenge, right?

Online games are designed to entertain, with immersive gameplay and challenges that engage players in a virtual environment. Contrary to the popular opinion of many parents, research actually links playing online games — in moderation — to significant benefits, such as achieving a flow state, increased cognitive performance, higher emotional stability, and greater psychological resilience. It can also positively influence players’ intrinsic motivation to complete tasks.

While gamification and online games might seem similar, they serve distinct purposes and operate in different contexts. Gamification integrates game elements like points, badges, and leaderboards into real-world settings, such as training. This is exactly what was done so nicely in KnowBe4’s Inside Man: New Recruits Game.

The module’s storyline leans heavily on "The Inside Man" series narrative, which is KnowBe4’s award-winning entertainment-based learning video series. The character is Mark Shepard, the Inside Man himself, an operative for a notorious cybercrime boss (The Handler) tasked with infiltrating an organization and identifying security weaknesses. This makes the experience more interesting and exciting and a nice distraction from my day to day. 

The game is divided into multiple areas, each focusing on a different aspect of cybersecurity, such as physical security, social media, phishing, passwords and document security. The challenges are short and relatively easy (although I didn’t get them all right), and it was fun to play.

The total experience took me about 10 minutes to play the first time around, with the individual modules perhaps 1.5 minutes each. I graduated as a security awareness apprentice, which my competitive streak didn’t like, so I played again. This time it took me only 3 minutes, and I improved my score to a security professional. :-D

The Power of Gamification

Keeping employees engaged and motivated to learn about cybersecurity can be challenging. This is where gamification steps in, transforming training into a more enjoyable and effective intervention. Ongoing research supports the advantages of using gamification as an educational method in cybersecurity.

It indicates that using various game elements, such as storytelling, team leaderboards and interactive scenarios, results in increased knowledge, improved engagement, and positive behavior changes.

Here are three reasons why you may want to consider bringing gamified content, like the Inside Man Game, into your security awareness program:

1. Improves Motivation 

Gamification can significantly increase employee motivation by making training more enjoyable and appealing. In the 2019 Gamification at Work Survey by Talent LMS, 83% of participants felt more motivated with gamified training, while 87% reported increased productivity and engagement. Moreover, 82% said they felt happier at work due to gamified training.

Research shows that gamification makes learning about cybersecurity much more engaging, especially for those who find traditional training methods dull. Incorporating game-design elements like storytelling and leaderboards into learning platforms greatly boosts cybersecurity awareness. These findings suggest that using these interactive features can effectively enhance security awareness levels.

2. Better Performance Feedback 

Gamification provides instant feedback, helping employees track their progress and improve their behavior. It uses game elements to visibly showcase learners' efforts, motivating them in their learning journey. This approach taps into intrinsic motivation, making tasks enjoyable and engaging without needing external rewards.

By fulfilling employees' basic psychological needs for competence, autonomy and relatedness, gamification fosters a more positive and motivated work environment. Additionally, leaderboards publicly recognize top performers, inspiring others to strive for higher achievements.

3. Learn New Habits in a Fun Way 

Habit formation has the potential to create behavior change that is long lasting. Gamification provides learners with motivation, mental relaxation, and habit reinforcement through the integration of game-like elements and interactive activities. Making learning more fun and enjoyable means participation goes up, with 89% of employees in the TalentLMS survey stating they would be more productive and motivated if their learning experience was gamified.

Additionally, 33% would like more game-like features in their employee training software. Gamification can also act as a sandbox, allowing people to experiment and explore in a risk-free environment. This empowers learners to tackle challenges, make security decisions, and learn from trial and error before encountering real-world situations. Studies have shown this iterative process speeds up the acquisition of cybersecurity knowledge, experience and skills.

Gamification is a powerful tool for enhancing employee engagement in cybersecurity awareness programs. It boosts motivation, productivity and participation, providing better feedback and fostering a high-performance culture. By making learning a bit more fun, gamification can help to impart cybersecurity knowledge effectively.

Give it a try and let me know if you make it beyond the security awareness apprentice score on the first time round.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/phishing-security-test-offer



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews