The 12 Best Security Awareness Games for Employees

18 October 2023 • Cyber security

Training your employees is the most impactful thing you can do to prevent hacks and data breaches. But old-school e-learning (a.k.a. death-by-powerpoint) is putting your employees to sleep.

That’s why security awareness games are on the rise. By adding gamification to training, the aim is to get employees engaged and teach them about modern cyber threats actively and playfully.

There are a ton of different types of games on the market, from crossword puzzles to digital escape rooms.

We’ve put together a list of the best cyber security awareness games to help you pick the solution that fits your organization best.

Top 12 cyber security awareness games for businesses

Guardey
Counterintelligence Trivia Twirl
The Weakest Link
Football Fever
Cyber Circus
Deepspace Danger
Targeted Attack: The Game
Cybersecurity Escape Room
Cyber Awareness Challenge 2024
Backdoors and Breaches
Riskio
Deloitte’s Security Awareness Escape Room

1. Guardey

In Guardey, users start their own fictional business. In the weekly challenges that take about 3 minutes each, they can either earn or lose money for that fictional business. After each question in the challenge, users get direct feedback about their answers, which helps them to learn actively.

By doing a short challenge every week, users slowly build up knowledge and are constantly reminder of cyber risks. Over time, this helps organizations to create lasting behavior change among employees.

The game covers a wide range of topics, put together by ethical hackers and educationalists. Topics include:

Phishing
Remote work
CEO fraud
AI risks
Smishing

Users compete against each other on a shared leaderboard. Here, they can see which team members have the best scores in the game. You can also earn badges along the way.

In Guardey’s learning management system, admins can track how their team is performing and can even add personalized challenges. If your organization is being targeted by a specific type of cyber attack, this enables you to train your team about that specific topic.

Pros

Weekly challenges to enable behavior change
Simulates real business repercussions (loss of money and reputation)
Gamification elements such as a leaderboard to increase engagement

Cons

It’s not free, but is affordable and offers a 14-day trial

2. Counterintelligence Trivia Twirl

In this trivia twirl, you get to spin the wheel like way back in the day. Once you’ve landed on a category, you get a set of multiple-choice questions about it. The questions are of high quality, but the categories don’t cover all the modern cyber threats. Also, the entire game can be played within 20 minutes — which doesn’t make this a solution for the long term, but more like a nice way to freshen up your knowledge once a year.

Aside from being the ability to spin the wheel — which is a nice touch — there are no significant gamification elements to engage users.

Pros:

It’s free
Spinning the wheel is a nice touch
The questions are challenging

Cons:

Very limited gamification elements
Not a long-term solution
Not all cyber threats are covered

3. The weakest link

The weakest link is a game created by IS Decisions. It’s a straightforward game with tough questions about the right topics. It takes a while to finish, but won’t last you for longer than an hour in total. That means it’s nice to freshen up your team’s knowledge every year or so, but not a solution that stimulates lasting behavior change.

A strong element of this game is the face that you get immediate feedback after each question — whether you answer right or wrong. This gives the user the chance to immediately learn from a mistake or understand why they were right. The feedback is elaborate and well-written.

Aside from that, the gaming elements are somewhat limited.

Pros:

It’s free
Instant feedback
The questions are challenging

Cons:

Limited gamification elements
Not a long-term solution

4. Football Fever

Football Fever is a security awareness game created by the Division of Information Technology. It was specially created for Texas A&M University students but is open to be played by anybody.

In the game, you are a part of the university’s American football team. During the game, this American football theme is constantly repeated. The link between cyber security and sports isn’t exactly clear, but it’s an entertaining touch nonetheless. Instead of pressing ‘submit’, you answer a question by clicking ‘run play’, which is clever. If you answer a question wrong (”Interception!”), you get direct feedback.

Pros:

It’s free
You receive instant feedback

Cons:

The American football story arch is a misfit
Limited gamification elements
Not a long-term solution
Not a fit for organizations

5. Cyber Circus

The Texas A&M University created another security awareness game called ‘Cyber Circus’. And yes, the gamification is based on a circus. It’s a game for university students that, again, can also be played by anybody outside of the school.

Students who play three out of four games receive a food coupon, which probably is a great way to stimulate participation among students. For regular users, especially organizations, there isn’t a reward.

The story is based on a circus, which is a nice element that makes the game more entertaining to play but doesn’t teach users about the true risks for organizations.

The Hoop Shoot game is our favorite. Every time you answer a question correctly, you get to shoot a basketball. Not a great idea for anybody who tends to lose all their savings at the yearly fair.

Pros:

It’s free
The games are entertainin
You receive instant feedback

Cons:

The circus story arch is unrealistic
Not a long-term solution
Not a fit for professional organizations

6. Deepspace Danger

The following game was created by Infosec: Deepspace Danger. The game takes place in outer space and is introduced by long videos animated videos. The animations are impressive but a little long-winded too.

While your spacecraft is hit by a meteor, your colleague needs to leave to repair the hole that it made to prevent any further oxygen leakage. You are left alone to look after ‘Pat’, the computer that contains personal data for every being in the solar system.

After every bit of video, you get a multiple-choice question. It’s an interesting way to learn and well put together, but it makes for a somewhat passive learning experience after a while.

The outer space theme is creative, but it doesn’t relate directly to real-life organizations. So we’re not sure how effective it is to create lasting behavior change.

Pros:

The animations look great
You get direct feedback in video format

Cons:

The outer space story arch is unrelatable
The videos are well-crafted, but a bit long-winded
Pricing is unclear

7. Targeted Attack

Targeted Attacks by Trend Micro is a game that looks like it was created in Hollywood. Just like Deepspace Danger, it is based on a lot of video material that takes you through a story. In this case, it’s about an actual business, which is a big plus. The acting is surprisingly good too. The background music will have you thinking you’re in the middle of a James Bond movie.

An extra gamification element that we appreciate is the fact you get a cyber security budget at the beginning of the game. This budget is represented by the red dots in the top-left corner of your screen.

The videos are long-winded and time-consuming. Even though the acting is good, you tend to skip through it. We expect this is especially the case once your employees need to do this. The ‘skip section’ gets you right to the next question, but then you might miss some of the context from the video.

The questions seem to be focused on cybersecurity professionals. During the game, you play as a CISO character. This means the game isn’t exactly suitable for the entire organization.

The game can only be played once, but depending on the choices you make throughout, the scenarios can change. However, once you’ve finally played it and got to a happy ending, it’s no longer useful to play it again.

Pros:

The game is free
Extremely high production value
You get direct feedback in video format
Relatable storyline for businesses

Cons:

Made specially for cyber security professionals
The videos are well-crafted, but a bit long-winded
It’s not a long-term training solution

8. Cybersecurity Escape Room

Who doesn’t love a good escape room? That’s why Living Security decided to build an escape room to train cyber security awareness. In the game, you and your teammates solve cyber puzzles. If you do it right and faster than the other team, you win the game. Note: this is not a physical escape room, but a digital one.

There is no free trial so you have to request a demo to learn more about the inner workings of this game. But here are our pros and cons looking from the outside in:

Pros

Collaboration with your colleagues
A strong competitive element increases engagement

Cons

Need to request a demo to see the game
No pricing information
The teamwork element requires planning and is time-consuming

9. Cyber Awareness Challenge 2024

The Cyber Awareness Challenge was created by the US Department of Defense. The game has a nostalgic look (Windows 98-ish). It’s built on top of animated videos and takes you through a wide range of topics, such as social engineering, malicious code, and removable media. Especially for a challenge made for 2024, it’s interesting how there is no content about AI to be found.

The game is a little difficult to navigate and the videos that explain everything are extremely long-winded. This makes for a slow learning experience that is time-consuming for your employees.

Pros

It’s free
There is a wide range of topics
The storyline is based on an actual business

Cons

The videos are very long-winded
The design is outdated

10. Backdoors and Breaches

After covering digital options only so far, it’s time for an analog game. This card game contains 52 cards that help you set up incident response exercises. In total, there are 3840 incident scenarios.

Users earn tactics that cyber criminals use and the tools and methods that they need to maintain cyber security.

It was made for cyber security teams to play together and keep each other on their toes. However, due to the level of the challenges, it’s not suitable to train the security awareness of your entire organization.

Pros

Affordable
Huge amount of possible incident scenarios
Useful for cyber security experts

Cons

Not made for regular employees
Time-consuming
High complexity

11. Riskio

Riskio is another tabletop game that was designed to boost cyber security awareness for a wide audience, spanning from non-technical individuals to IT experts.

To play this game, you need between 3 to 5 players, one of them being a cyber security expert to lead you through it. It’s a great way to do team building and improve your cyber security chops at the same time.

Unless you have a lot of spare time during working hours (and who of us ever do), it’s a bit too time-consuming to play this game regularly. But if you decide to do it every once in a while (say 6 months), it’s a good way to freshen up your security knowledge.

Pros

Affordable
Boosts team spirit
Made for all skill levels

Cons

Time-consuming
You need at least one cyber security expert to play
Not a long-term solution for lasting behavior change

12. Deloitte’s Security Awareness Escape Room

Deloitte has developed a real-life escape room game, in which participants need to unlock a laptop that has been infected with ransomware. The challenges cover topics such as:

Phishing mails
Social engineering
Data classification
Data sharing

It’s an entertaining and effective way to learn that’s also good for team spirit. On the other hand, it’s quite pricey (at least $6000 for a day, including set-up) and obviously not a suitable solution for regular training.

Pros

Covers a wide range of topics
Very engaging training method
Improves team spirit

Cons

Relatively expensive
Not a solution for regular training
Time-consuming

What makes a security awareness game effective?

Security awareness games are gaining popularity, but how do you decide on which one to pick? When trying out options from the list above, keep the following aspects in mind.

Multiple gamification elements

Make sure the game you pick is more than just a quiz. The more gamification elements are included, such as a leaderboard, badges, and story arcs, the more engaging and effective the game is.

Recurring challenges

To establish behavior change, your team needs to be trained regularly. Often, training only happens once a year. After a week or two, most of the information has been long forgotten. That’s why you need to seek out a game that offers regular challenges to build up security knowledge slowly over time.

Realistic story arcs

Most games are built on a story arc. In the examples above, there are story arcs based on sports, space and even on a circus. But when the story arc is actually relatable to the situation of the organization and the employee who plays the game, it becomes way more effective. The game should make them think about situations that can or have occurred during their work.

Short and sweet

Attention spans are short and schedules are full. Don’t expect your employees to engage in regular training that takes them more than 10 minutes at a time. This may force them to play the game during their break or even after work. Try to find a game that offers regular gameplay that takes 5 minutes or less.

Direct feedback

What is lacking in a lot of security awareness games is direct feedback. Often, users get to answer a bunch of quiz questions and get their score at the end. The only thing this teaches users is what their level of security knowledge is, but not what they need to learn. This is why there should always be direct feedback after you do things right or wrong in the game.

Wide range of topics

Many games are focused on a few topics. Often, phishing gets the most attention, simply because it’s the most prevalent cyber risk out there. However, hackers are constantly developing new ways to attack companies. And your employees need to be aware of all of them to stay safe. Here’s just a small grab of all the other topics that should be covered in detail:

Smishing
CEO fraud
Updating software
Safe passwords
Two-factor authentication
Remote work
Removable media
Malware
Ransomware

Conclusion

There is a wide range of security awareness games on the market. By browsing through the list above, you’ll learn which solution fits your organization best. Make sure to keep in mind what your goal for the training is.

For a security awareness game that aims for lasting behavior change among employees, consider using Guardey. It offers a complete program that covers all modern security threats and comes with a set of gamification elements that keeps your team engaged.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The 12 best security awareness games for employees in 2023