An Overview of Gamified Information Security Training

Date post: 12-Apr-2017
An Overview

Of GAmified infOrmAtiOn

Security trAininG


dAtA BreAcheS:cOmmOn And cOStlyData Breaches are becoming increasingly common. A

study by Ponemon Institute found that 55% of companies

surveyed had a security incident or data breach due to

a malicious or negligent employee1. And according to

Ponemon Institute, there is a 26% probability of your

company having a material data breach involving 10,000

lost or stolen records over the next 24 months2.

The costs associated with data breaches are also rising.

Globally, the cost of a data breach increased from $3.79

million in 2014 to $4 million in 20152. And it’s even worse in

the US. The average cost of a data breach in the US increased

from $6.53 million in 2014 to $7.01 million in 20152. In

fact, the US had the highest data breach costs out of the 12

countries Ponemon interviewed2. Yet Information Security

training doesn’t seem to be a priority for many companies.



Only 35% of senior execs at companies surveyed by

Ponemon think it’s a priority for employees to know how

data security risks affect their organizations1. Despite the

fact that the top two insider risks facing companies are

careless or negligent employees that expose sensitive info

or succumb to targeting phishing attacks1.

In fact, only 45% of companies make training mandatory

for all employees1. And 60% of companies do not require

employees to retake security training courses following a

data breach1.

Security trAininG:Still nOt A PriOrity


The time for training is now. And with Cyber Security

Month coming up in October, there’s no better time to

start planning a refresher course on IS. But there are a few

obstacles that need to be overcome for your IS training to

have a lasting effect:

A. A fundamental aversion to information security content

B. Showing employees the relevance of IS to their jobs

C. Keeping employees awake during IS training

The best way to overcome these obstacles is

Game Based Training.

hOwGAme BASedtrAininG cAn helP1. It’s Engaging

Information Security is dull. No question about it.

Putting it in a game makes it much more engaging for

employees. And when they are engaged, they are more

likely to retain information.



2. It Puts Information Security in Perspective

Most of the time, employees think that IS is ITs

responsibility. They don’t get how it impacts their job,

and how simple things they do can have major impacts

on the business. Game Based Training can help make

those connections for employees. Scenarios show the

impact of IS policies on their day to day behaviours, and

the consequences for the entire organization when those

policies are ignored.

3. It Rewards Employees for Participating

Game Based Training not only makes it fun to engage with

the training, it provides a structure to reward employees

for doing so. You can reward employees for completing the

training, or reward top performers.

the BOttOm line

Information Security risks are real. And the costs for ignoring those risks are increasing every year. Employee training is the most effective way to decrease the chance of a security incident or data breach. But for

training to be effective, it needs to be engaging.

Game Based training makes Information Security

fun and rewards employees for participating.

It also puts security policies in perspective for

employees, showing them the impact of their

decisions on the organization as a whole.

Information Security is a team sport.Is your team ready?

