Using Gamification To Develop Effective Cyber Security Training: A Hands-On Case Study

Using Gamification To Develop Effective Cyber Security Training A Hands-On Case Study
Andrii Yalanskyi/
Summary: To address the need for better cyber security awareness training, Inno-Versity partnered with a cyber security company with a global client base. The objective was to educate corporate and higher education clients. These modules are primarily focused on training end-users to prevent an attack by creating a content-rich, engaging story that motivated participants through a robust gamified learning experience.

Gamification Case Study And Cyber Security Awareness

For this gamification case study, Inno-Versity was its own client. Cyber security training is at the forefront of the minds of most of our corporate and university clients, especially in light of today’s fast-growing work-from-home options for employees.

The statistics—even before the arrival of the COVID-19 pandemic—are significant and scary. More than 50% of all hacking attacks gain access to an organization’s system through human error. Hackers know that accessing company files by going through vulnerable team members is one of the most reliable methods. This is true for both small and large organizations. In fact, 43% of all attacks are on small businesses. For larger organizations, the cost of a successful cyber attack can be millions of dollars. The need for effective training for employees is clear and obvious.

eBook Release: What Is eLearning Gamification And Why Is It Vital For L&D Professionals?
eBook Release
What Is eLearning Gamification And Why Is It Vital For L&D Professionals?
Learn how to bring gamification into your learning with solid theory and great case studies.

To address this need, Inno-Versity partnered with a cyber security company with deep experience and a global client base. Our partner has worked with education institutions, and industry sectors such as automotive, legal, software, industrial, government, finance, and healthcare. The objective in this partnership was to create a series of learning modules to educate corporate and higher education clients. These modules would become an essential part of cyber security strategies and be primarily focused on training end-users to prevent an attack.

The Cyber Security Awareness Training Case

Cyber Security Awareness Training (CSAT) typically falls into one of two types of presentations. The first is a detailed and thorough presentation delivered in a dry and clinical manner. While the content may be correct and extremely useful, participants are not motivated to engage the material. They too often walk away having learned nothing. The second is highly engaging, most often presented in the form of live video. While interesting and engaging, the presentation is light on content and the participant walks away knowing little more than when they started.

Inno-Versity’s CSAT sought to minimize these weaknesses by creating a content-rich, engaging story that motivated participants through a robust gamified learning experience.

The Cyber Security Awareness program is 6 modules in length with 3-5 levels within each module. The overall structure of this eLearning program was built on a story aimed at defeating the fictional hacker. The Game Structure includes adventure, role-playing, strategy, and simulation. Each module begins with a common cyber security situation faced by participants in their workplace. Throughout the module, participants study ways to avoid these issues and earn points based on their completion. Each gamification module contains various levels they must successfully complete to earn enough points to advance to the next module.

At the finale of the 6 modules, participants apply their points to a final "Face the Hacker" challenge one last time and through a variety of assessment scenarios, they must apply what they learned to defeat the hacker. If they meet this final goal, they win the game. If they are not able to beat the hacker, they are redirected to a menu of material for review based on the challenges they could not complete. By reviewing the material, they earn more points which they can reapply to the final challenge and try again.

Beyond the 6 initial modules, the real key to this program is the monthly follow-up material. Participants will receive monthly learning opportunities pushed to their inbox or through their Learning Management System. These learning opportunities will contain approximately 80% refresher material in addition to 20% new material to extend the application of the content or inform of potential new threats. The course assets were custom-made by Inno-Versity and included the creation of various characters designed and voiced along with music, custom animations that included whiteboard and 3D, and custom coding of game elements.

Essential Gamification Elements On This Case Study

Let’s dig deeper into the gamification elements. Because the modules were built as an actual game, multiple game elements were applied throughout. There are 3 in particular that will be of interest:

1. Loss And Avoidance

The major motivating factor in the game is the participants’ fear of losing their job or costing the company millions because of their actions. It is a powerful force. One of the modules also addresses working from home, and how this affects both corporate security but also their personal family’s safety. The scenario hits close to home. This game technique is called Rightful Heritage according to world-renowned gamification expert Yu-kai Chou. The learner realizes that they can lose something they “rightfully consider” theirs if they don’t apply the best practices in security to their home office. That’s because it affects the safety of their family as well.

2. Ownership And Possession

Another fairly straightforward theory that is foundational to this game is Ownership and Possession. Specifically this is the technique of Protector Quest in World of Warcraft. If you have to protect something, you form an attachment to it. In this case, the participants are working hard to protect themselves and their company from an attack from the hacker. This attachment motivates them to study and apply the best practices they are learning.

3. Development And Accomplishment

This game theory is probably the most common of any employed in games. Simply put, the participant is motivated to win, period. Below are a few specific techniques used in support of this theory.

  • Weep tune and high fives
    Music or graphics are used throughout the modules to create a feeling of suspense, loss, excitement, and victory.
  • Alfred effect
    Participants are able to personalize the game and customize their experience by choosing a course color and by inputting their name.
  • Two-way points
    The goal is larger than winning or accomplishment. The game focuses on allowing participants to both succeed and fail in multiple ways in order to learn at a deeper level. Participants earn points but can also lose them for incorrect answers. Not only is this motivating, but when participants do lose points, they are afforded the opportunity to relearn and then earn them back creating a deeper understanding of the content.


Within the actual learning program there are pre- and post-assessment scenarios. Learners participate in the pre-assessment to determine their skill level and then they are assigned a risk factor. Based on their score during the "Beat the Hacker" challenge at the end of the training (post-assessment scenario), they receive different levels and types of follow-up assignments.

The main objective of these learning modules is to lessen and, if possible, eliminate human error in hacking situations. Closing the door on hackers will save many jobs and millions of dollars. To accomplish this objective, Inno-Versity’s Cyber Security Awareness Training is thoroughly interesting, engaging, and challenging. Game design, story elements, and follow-up support ensure that participants both retain and apply the knowledge and skills they are gaining.

I hope you found this gamification case study useful. Download the eBook What Is eLearning Gamification And Why Is It Vital For L&D Professionals? to discover how to bring eLearning gamification to your learning with solid theory and great case studies. Also, join the webinar on the same topic and find out how to create a winning eLearning gamification strategy.

eBook Release: MindSpring
MindSpring is an award-winning agency focused on delivering engaging and transformative digital content. We create digital experiences using exceptional creativity, the best of learning science, and innovative technology. (Previously Inno-Versity)