Why Implement Gamification Into Your Cybersecurity Training?

How Gamification Improves Cybersecurity Training
Summary: Cybersecurity training is an area that suffers from a lack of motivation and knowledge retention, despite being a key piece in strategies to reduce business risk. Gamification addresses these issues head-on, while still being a serious learning tool that can provide deep data on learners and integrate as a part of a bigger training program.

Cybersecurity is one of the most challenging types of training. Employee negligence has long been established as the biggest cybersecurity risk [1] for businesses. Following cybersecurity protocols dramatically lowers risk, but businesses have a difficult time convincing employees to remember and actually follow through on these practices. Good training is key to getting employees on board for cybersecurity, but in this area, good training is tricky. People tend to get stuck in their everyday internet habits and fail to understand what the big deal is if they use a less secure file transfer option, or dive into the company servers without a VPN. It is difficult to motivate employees to pay attention to protocol and integrate it into their everyday work lives.

Can you imagine employees changing their work habits after watching a boring video and answering some quiz questions? Me neither. This is where the benefits of gamification come in; this type of training is especially useful for changing the everyday habits of people who use it.

Understanding Gamification

Gamification is basically what it sounds like. It turns the learning experience of the user into a kind of game that motivates users to “play” with badges, levels, points, fun graphics, and interactive games, and even compete against other users. One of the first major mainstream applications of gamification was via an app called Habitica [2], an open-source project that turns the boring task of developing healthy habits into a fully fledged community-based RPG that includes custom characters and fighting monsters. Habitica was created in 2013 and has attracted over 4 million users who are achieving goals, from drinking enough water every day to tracking the progress of their work projects.

Gamification has since taken off and found a variety of applications, including in the eLearning environment. It can be as complex as Habitica or as simple as awarding “badges” to users as they complete tasks.

While gamification might not be the best model for every type of training—for example, there is not much to gamify about learning complex IP concepts—there are many uses for gamification in the eLearning environment. Building habits is one of the most successful uses of gamification, so it’s a perfect fit for cybersecurity training.

Gamification Can Increase Motivation

Increasing motivation can be about reframing how a task is seen, and gamification can do just that. Cybersecurity training is seen as a slog, but gamification can reframe it as a novel challenge. For example, a score leaderboard can establish some playful competition among coworkers. A simulation game in which users have to prevent a disaster by making the right choices can introduce some challenging fun into the workday. A game that users interact with on a daily basis, logging their cybersecurity wins, can offer a daily dose of cybersecurity-related dopamine.

As stated in this article about gamification and motivation at UX Planet [3], “Human beings have an inherent tendency to seek out novelty and challenges.”

The trick is that the gamification has to be thoughtfully designed. As a study published in the journal Computers in Human Behavior [4] found, any old gamification is not necessarily effective, but gamification elements help make tasks feel more meaningful—exactly the kind of effect businesses are looking for in cybersecurity training.

Finding a training partner who is experienced in creative, effective gamification is key to success in gamifying cybersecurity training.

Gamification Increases Knowledge Retention

Knowledge retention is an issue particular to cybersecurity training. There are plenty of everyday tasks where users are likely to consult a manual or ask questions if they fail to remember something. However, with cybersecurity, if users don’t remember which actions will increase risk, they can’t stop doing them. Additionally, cybersecurity best practices seem particularly prone to employee forgetfulness. According to a 2016 survey, 40% of executives [5] don’t fully know their own company’s cybersecurity protocols. If even the executives don’t know, then how do the rest of the employees have hope of preventing cybersecurity risk?

It just makes sense—more engaged learners will remember more from their learning sessions. However, there’s more to it than that.

The science shows that frequent feedback helps users better retain knowledge. Harvard researchers found that frequent quizzes maintained learner focus and increased knowledge retention.

Gamification, as a rule, is filled with this kind of frequent feedback. When playing simulator games, things go wrong when users make the wrong choices. When using a leaderboard, users see immediately how their performance compares to that of others. When using badges, users find out quickly whether they’ve earned the next level or not. Users learn right away when they’ve done something wrong and are given opportunities to “play again” and get it right. This creates lots of opportunities for frequent feedback in a way that’s fun rather than punishing.

On top of that, various studies have shown [6] that gamification has a positive effect on knowledge retention in a learning environment. Since knowledge retention needs to be a focus of cybersecurity training, gamification makes an excellent choice for a cybersecurity training program.

Gamification Is Measurable

The fact that gamification is fun doesn’t make it any less serious a training tool. Because gamification tracks user progress through points, scores, and leaderboards, it is highly measurable. This makes it a great option for companies that want to closely track the progress and improvement of cybersecurity awareness in their employees.

A well-designed gamification program will have effective reporting and analytics integrated. Gamification can provide insightful data on learner behavior and training engagement. Working with an expert in gamification will help you understand how to best develop your program in order to record insightful, meaningful data on learners.

Gamification Is A Natural Fit for Cybersecurity Training

Cybersecurity training is an area that suffers from a lack of motivation and knowledge retention, despite being a key piece in strategies to reduce business risk. Gamification addresses these issues head-on, while still being a serious learning tool that can provide deep data on learners and integrate as a part of a bigger training program.

Considering the prevalence of cybersecurity risk, gamification is a worthy investment that will help preserve the integrity of your company’s computer systems. That’s an ROI that’s hard to ignore.


[1] The biggest cybersecurity risk to US businesses is employee negligence, study says

[2] Motivate yourself to achieve your goals.

[3] Gamification: Motivation Model

[4] How gamification motivates: An experimental study of the effects of specific game design elements on psychological need satisfaction

[5] Cybersecurity Is Every Executive’s Job

[6] Can gamification help to improve education? Findings from a longitudinal study