Gamification in Cyber Security Training is no game

30 September 2019

Gamification is one of those terms that requires context, and without it, it’s easily misunderstood. The Wikipedia definition is a good one: Gamification is the application of game-design elements and game principles in non-game contexts. It’s all about using game mechanics and game science to create an engaging, enjoyable two-way exchange of value. What it’s not about is somehow trivialising serious subjects, or using trickery to try to influence behaviour.

In areas like cyber security awareness training, this becomes an important point, because of course the broader context of the threat of security breaches involves subversive behaviour and trickery to provoke a human error, resulting in a crack in the human firewall.

Today, we ran a webinar called ‘How To Strengthen Your Human Firewall’ and we heard from guest speakers Jinan Budge from Forrester and Ellie Warner from Standard Chartered Bank, both of whom strongly advocated the use of gamification (and other techniques) to make cyber security awareness training less static and dry, and more rewarding and interactive. And when you consider the security imperative at one of the world’s largest banks, this is clearly not about fun and frippery. It’s about doing whatever it takes to ensure that employees learn the right behaviours to protect the organisation and its customers.

Jinan spoke persuasively about the way organisations are too focused on awareness – old school ‘teaching’ methods – instead of creating a culture of best practice and focusing on measuring changes in behaviours. She then outlined a four-step plan along with some specific initiatives that businesses should consider in order to make that step change in approach.

We were then lucky enough to have Ellie Warner, Global Head of Cyber Training, Awareness & Exercises at Standard Chartered Bank, talk about the Bank’s theCyberSpace project, a gamified engagement platform based on 3radical Voco, designed to enhance the way the organisation manages the human element of information and cyber security risk. The idea is that the Bank’s employees are engaged in an ongoing cyber security awareness programme that measures, inspires, and drives secure behaviour across all cyber touchpoints.

There’s no question, in this climate of fear of the awful consequences of data breaches, that security is recognised as a critically important board level consideration. Technology investment is one thing, but humans remain the weakest link in the defensive wall. And while companies are investing in training programmes to raise awareness and understanding, they are not enough unless employees are properly engaged, and the currency of success is lasting behaviour change. A focus on the human aspects of cyber security improvements will ultimately secure both information and technology assets for the long term.

Gamification can play a key role in changing the way these programmes are architected and managed, and Standard Chartered Bank is leading the way with its theCyberSpace initiative, using 3radical Voco as a key component.

