Trying to get employees to blend cybersecurity measures into their daily routines? Gamify it.
The majority of employees, 77%, report that game-based training is more effective than regular education and training campaigns.
Employees often side-step cybersecurity protocols, citing other priorities, but CISOs must convince employees to comply somehow, or risk running the business into the ground.
Threatpost reports impressive results: “In our experience, we have seen a dramatic improvement in cybersecurity posture due to gamification, e.g., mean-time-to-patch for critical CVEs dropping from 30 days to four hours.”
The CISO can serve as the “gamemaster,” and can make the first move by identifying “risk-owners” (employees with access credentials, or high-value assets on their machines). When risk-owners correctly comply with cybersecurity-related directives and meet goals, they are awarded points by the gamemaster.
With online gamification platforms, participants’ task completion and points earned can easily be tracked and tallied. Giving employees tangible rewards for participation, like certificates or trophies, reinforces the value of their efforts and empowers them to continue successfully managing their small portion of cyber risk.
To incentivize people to continue competing, broadcast the game’s scores during all-hands calls, or at other company-wide gatherings. “Companies can even consider monthly, quarterly or even annual recognition of top performers with a prize. What employee would not want to participate in cybersecurity posture transformation if there was a chance of winning an all-expenses paid trip to Hawaii?”
Seriously, a trip to Hawaii for a family of four is far less expensive than the average cost of a cyber attack, which hovers around $1.7 million.
To learn more about the real-world implications of gamifying your cyber awareness program, please visit Threatpost.