Gamified security trainings prove to be engaging but lack effective security protection

STAMFORD, Conn.–(BUSINESS WIRE)–The gamification of security training may not sufficiently protect companies against cybersecurity threats, new research from GetApp reveals. In a survey of more than 500 employees who report taking security training at least once each year, GetApp found that companies using gamified security training are often more vulnerable to security breaches than those employing traditional training methods.

Gamification, a tactic to make training sessions more engaging through competition, simulation, or other types of game playing, has been widely adopted by companies as a way to improve knowledge retention. And it’s working: 90% of respondents who receive gamified security training report being at least moderately engaged, compared to only 62% of respondents who receive non-gamified training.

Despite the increased engagement, recipients of gamified security training alarmingly reported security breaches at a much higher rate than those who received non-gamified security training:

  • 82% of companies that use gamified training suffered phishing attacks, compared to only 67% of those that employed traditional training methods.
  • 61% of companies that use gamified training suffered ransomware attacks, compared to only 29% of those that employed traditional training methods.
  • 59% of companies that use gamified training suffered a data breach, compared to only 28% of those that employed traditional training methods.

“Our research finds that companies using gamification for security awareness training tend to overlook basic topics that make a big difference in protecting against common cybersecurity threats,” says Zach Capers, Senior Analyst at GetApp. “To ensure security training is both engaging and effective, companies must first ensure that all relevant topics are covered and then identify subjects conducive to gamification.”

Respondents who engaged in gamified training reported that, compared with traditional training, it tended to overlook basic security topics such as password policies, data privacy, acceptable use policies (AUPs), and onsite security. Companies that reported running gamified security training also reported putting significantly more resources into gamified training than those providing traditional training. More than two in three (65%) employees who take gamified training report doing so more than once per year, compared to only 39% of those completing non-gamified training.

In an effort to incorporate innovative technology into their training programs, companies must not forgo the basics. To access more resources on how to create a cybersecurity awareness program, visit GetApp.com.

About GetApp

GetApp is the recommendation engine SMBs need to make the right software choice. GetApp enables SMBs to achieve their mission by delivering the tailored, data-driven recommendations and insights needed to make informed software purchasing decisions. GetApp is a Gartner company. For more information, visit www.getapp.com.

Survey Methodology

GetApp’s Security Awareness Training Survey was conducted November 2-4, 2021 among 573 respondents to learn more about security training practices at U.S. companies. All respondents indicated full employment and that they engage in security awareness training at least once per year.

Contacts

Madison Martini

PR@getapp.com