Industry insights

Gamification — Cybersecurity’s turn to play

January 18, 2021 by Tyler Schultz

Games are everywhere and we can’t stop playing them.

According to the Entertainment Software Association, over 214 million Americans play video games for at least one hour every week. The most interesting part? Everyone is playing. The average age of a video game player is between 35 and 44 years old.

Video games have blossomed into a $60+ billion market in the U.S. alone, but games go far beyond the controller, mouse and app store.

Reddit used game elements to turn a simple forum into one of the top social networking sites on the planet. Fitbit turned walking into a competition. And you know that taco shop punch card buried in your wallet? Even that’s a simple, albeit effective, game with the world’s greatest prize waiting for you after your tenth visit.

Games are everywhere, but is there room for gamification in the workplace — especially when it comes to vital business functions like security awareness and training? Let’s start at the beginning.

What is gamification

Gamification takes the experiences and rewards that make games fun and engaging and applies them to everyday situations and scenarios to educate or motivate behaviors.

Gamification can be as simple as adding a leaderboard to a training exercise so employees can compare scores or as complex as using a role-playing game with levels and challenges to help players build healthy habits and achieve life goals.

Gamification in cybersecurity

With that being said, is there really room for games when it comes to security? The short answer is yes, of course.

While you may not want to immerse your SOC team into virtual reality, there are plenty of reasons to gamify your cybersecurity efforts — especially your workforce’s cybersecurity education and training.

Gamification in education has a proven track record in everything from learning a second language to SAT prep and beyond. That’s because gamified learning takes passive education and makes it experiential. Instead of learning solely through materials or instructors, students or employees learn by doing as they play a game. Experiential learning increases engagement, boosts lesson retention and encourages learners to apply knowledge or behaviors in the real world.

gamification security awareness

This makes gamification perfect for security awareness and cyber skill training.

Gamification in security awareness

Traditional, corporate security awareness and training has the reputation of being a boring task employees dread completing. In many industries, security awareness is mandatory for every employee. This means security or training teams typically assign training once a year and have to track down employees to ensure everyone completes the required training.

Although many engaging and effective security awareness programs and plans exist, it is still a challenge to motivate employees to truly engage with their security awareness course, retain the knowledge and convert it into secure behaviors that help your organization detect and avoid security threats. Gamified security awareness and training takes these challenges head on.

For example, Infosec’s Choose Your Own Adventure® Security Awareness Games let learners play through various cybersecurity scenarios, make choices and see the rewards or consequences of their decisions. This not only makes security awareness fun and engaging, but it also makes learning experiential so employees are prepared if they run into a real security threat in the future.

Why gamification is effective

Gamification gives people additional reasons to complete tasks or adopt new behaviors that may otherwise feel difficult, uninteresting or inconsequential to the individual.

For one, games are fun. Turning a chore into an enjoyable game transforms completing a task into a fun or leisurely activity.

Games also provide rewards. This can come in the form of in-game achievements, badges, points or even the personal satisfaction of winning the game. These rewards make games competitive, which can serve both as a personal motivator and also a way for players to compare scores and experiences with other players.

Games also give players choices, which gives them control over the events and outcomes of the game. This personalizes the experience for every player and encourages them to form a closer and more personal connection with the objective or activity.

The beauty of games is they provide players motivation and enjoyment in many different ways. Some people play games to have fun or relax. Others are motivated by scores and objectives, while others crave the social component of many games.

That’s why gamification works. Gamification captures these motivations to create an enjoyable experience perfect for learning something new, retaining information or adopting specific behaviors.

Turning a task into a game gives people a host of reasons to not only participate, but to also take a personal stake in the activity. Gamification turns a student or employee into a player motivated by the objectives, rewards and outcomes of the game.


Games are everywhere and they’re here to stay. Gamifying education provides a more enjoyable experience for every learner and it gives them a reason to take a personal interest in their education. Gamifying cybersecurity training motivates employees to play an active role in preventing cyber threats at your organization.

In a world growing more gamified by the day, we say, let’s play.


Posted: January 18, 2021
Tyler Schultz
View Profile

Tyler Schultz is a marketing professional with over seven years of experience delivering SaaS solutions to organizations of all sizes. As a product marketing manager at Infosec, he is dedicated to helping organizations build strong cybersecurity cultures and meet their security awareness goals. He helps the Infosec team push the boundaries of effective and engaging security awareness training with a focus on experiential learning, gamification, microlearning and in-the-moment training. Tyler is a UW-Madison and UW-Whitewater graduate and Certified Security Awareness Practitioner (CSAP).