3 reasons to consider gamification as part of your security awareness campaigns

By improving security awareness, behaviours and culture, gamification can empower people to prevent even the most innovative emerging threats

What is gamification?

Gamification is the application of gaming techniques to any non-gaming environment. It can be applied to learning and development, marketing, recruitment, fitness (known as “exergaming” – think Fitbit challenges) and, of course, security awareness campaigns – which we’ll come back to shortly.

Typical game-playing elements include point scoring, competition and rules of play. Points, levels and awards all make boring tasks more fun so, instead of putting off unsavoury “chores”, people are instead motivated to jump in, get going and maybe even achieve a new high score.

When applied to security awareness campaigns, gamification is a great example of combining the power of people and technology to enhance cyber resilience.

Why is gamification becoming popular?

Gamification plays on our psychological desires for status, achievement and to be part of an inclusive social community. Most gamification resources reward individuals for completing tasks and incorporate a leaderboard, compelling people to strive for further improvement. Combined, the elements result in “games” with high levels of engagement.

Psychological drivers aside, the rising popularity of gamification can also be partly attributed to cultural change. 

Today, most people access information through their phones, tablets and laptops, engaging with new material for around 100 minutes every day. What’s more, today’s typical labour forces include the device-driven millennial generation – people born between 1981 and 1996 (at the time of writing, those between 23 and 38 years old). As such, employers need to meet millennial learning needs.

Research has shown that millennials tend to like short, sharp messages that can be understood quickly, and that are delivered in a fun, interesting and stimulating way. 

Gamification fits the bill perfectly.

 

Why include gamification in your security awareness campaigns?

Both CybSafe and The Security Company believe gamification can enhance the cyber resilience of even the biggest multinationals – for at least three reasons.

 

  1. People like to compete

It’s sometimes difficult to advance people’s cyber security awareness, let alone change their cyber security behaviours.

Gamification can replicate real-life situations to drive behaviour change. Instant feedback allows learners to experiment and fail in a safe environment. A well-designed programme can even use “levelling” to change people’s behaviour, building on their past success and challenging them further.

For people who thrive on competition and achievement, things like time limits or beating high scores can nudge them to change their behaviour without even realising. 

 

  1. People like to win

Gamifying security awareness campaigns capitalises on people’s desires for achievement and success.

As a learning and development tool, gamification delivers messages in a format that encourages involvement, engagement and attention. Gamification can bring life to topics such as classification levels, cyber security risks, phishing emails, passwords and cloud-based storage. 

 

  1. People like rewards

Games trigger higher levels of engagement by inviting people to take part in rewarding experiences that can even be incentivised.

Pokémon Go!, for example, rewards its users with higher-level Pokémon for walking greater distances – an example of “exergaming” and applying game mechanics to fitness. Had you asked those same people to walk great distances without any incentive or reward, you would probably find yourself out of luck. Such is the power of gamification.

 

In summary

Using gamification in your security awareness campaigns can increase security engagement and prompt significant behaviour change, empowering people to prevent never-before-seen emerging threats. 

Gamification is another example of how pairing people with technology can enhance cyber resilience – something both CybSafe and The Security Company wholeheartedly advocate.