Gamification of cyber security awareness training for phishing against university students

Users are the main source of Cyber Security breaches. However, Cyber Security Awareness training is viewed as useless and uninteresting by the users. These users feel as if the training is a secondary task, an obstruction, or a distraction from their primary work. This apathy poses a risk to organizations, as Cyber Security breaches cost businesses combined billions a year. Gamification can provide the solution by giving an engaging and interactive alternative to these mandated training sessions. A vulnerable subset of these users is university students. Research suggests these students are the most likely to be fooled by a phishing attack. Although there are already many Serious Games available, this paper focusses on designing an interesting and engaging gamified method of training. This game was created specific to university students. The novelty of this research can be found in its form and competitiveness. Finally, this training was evaluated against non-trained users. The analysis of the results of the survey adds to the scientific body of knowledge on phishing prevention training. Additionally, the Serious Game developed to test this approach can be added to the collection of games out there, narrowing the field of missing games based on phishing