Gamified security trainings prove to be engaging but lack effective security protection
The gamification of security training may not sufficiently protect companies against cybersecurity threats, new research from GetApp reveals. In a survey of more than 500 employees who report taking security training at least once each year, GetApp found that companies using gamified security training are often more vulnerable to security breaches than those employing traditional training methods.
Gamification, a tactic to make training sessions more engaging through competition, simulation, or other types of game playing, has been widely adopted by companies as a way to improve knowledge retention. And it’s working: 90% of gamified security training respondents report being at least moderately engaged, compared to only 62% of non-gamified training respondents.
Alarmingly, despite the increased engagement, recipients of gamified security training reported security breaches at a much higher rate than those who received non-gamified security training:
- 82% of companies that use gamified training suffered phishing attacks, compared to only 67% of those that employed traditional training methods.
- 61% of companies that use gamified training suffered ransomware attacks, compared to only 29% of those that employed traditional training methods.
- 59% of companies that use gamified training suffered a data breach, compared to only 28% of those that employed traditional training methods.
“Our research finds that companies using gamification for security awareness training tend to overlook basic topics that make a big difference in protecting against common cybersecurity threats,” says Zach Capers, Senior Analyst at GetApp. “To ensure security training is both engaging and effective, companies must first ensure that all relevant topics are covered and then identify subjects conducive to gamification.”
Respondents who engaged in gamified training reported that, in comparison to traditional training, it tended to overlook basic security topics such as password policies, data privacy, acceptable use policies (AUPs), and onsite security. Companies that reported running gamified security training also reported putting significantly more resources into it than those providing traditional training. More than two in three (65%) employees who take gamified training report doing so more than once per year, compared to only 39% of those completing non-gamified training.