The 16 best security awareness games for employees in 2024

Training your employees is the most impactful thing you can do to prevent hacks and data breaches. But old-school e-learning (a.k.a. death-by-powerpoint) is putting your employees to sleep.

That’s why security awareness games are on the rise. By adding gamification to training, the aim is to get employees engaged and teach them about modern cyber threats actively and playfully.

There are a ton of different types of games on the market, from crossword puzzles to digital escape rooms.

We’ve put together a list of the best cyber security awareness games to help you pick the solution that fits your organization best.

Top 16 cyber security awareness games for businesses

1. Guardey
2. Counterintelligence Trivia Twirl
3. The Weakest Link
4. Football Fever
5. Cyber Circus
6. Deepspace Danger
7. Targeted Attack: The Game
8. Cybersecurity Escape Room
9. Cyber Awareness Challenge 2024
10. Backdoors and Breaches
11. Riskio
12. Deloitte’s Security Awareness Escape Room
13. 40 short quizzes by Proprofs
14. Hacktale
15. Cyberstart
16. Missing Link

1. Guardey

Guardey is a security awareness solution that uses gamification elements to keep users engaged throughout their training experience. Users take on weekly micro-challenges that take up to 3 minutes to complete. During these challenges, they learn about a wide variety of topics, including:

• Phishing
• Device security
• CEO fraud
• Deepfakes
• Password security

When users perform well during challenges, they score points for the company-wide or department-wide leaderboard. This creates an element of friendly competition between colleagues which has proven to boost participation and engagement. Some organizations choose to attach prizes to quarterly winners to improve this even further.

→ Learn how Delta Wines improves security awareness with Guardey

Admins can add custom content to Guardey’s challenge to ensure their organization’s security policies are reflected. They can also use industry-specific content packages from Guardey’s library.

In the reports section, you can keep a pulse on your team’s learning progress. Here, you can track metrics such as participation rate and scores per team and per individual. With the weekly reports that are sent via email, you can prove compliance with security standards such as NIS2, ISO 27001, and more.

Pros

• Weekly challenges to enable behavior change
• Simulates real business repercussions (loss of money and reputation)
• Gamification elements such as a leaderboard to increase engagement

Cons

• It’s not free, but is affordable and offers a 14-day trial

Start a 14-day free Guardey trial

2. Counterintelligence Trivia Twirl

In this trivia twirl, you get to spin the wheel like way back in the day. Once you’ve landed on a category, you get a set of multiple-choice questions about it. The questions are of high quality, but the categories don’t cover all the modern cyber threats. Also, the entire game can be played within 20 minutes — which doesn’t make this a solution for the long term, but more like a nice way to freshen up your knowledge once a year.

Aside from being the ability to spin the wheel — which is a nice touch — there are no significant gamification elements to engage users.

Pros:

• It’s free
• Spinning the wheel is a nice touch
• The questions are challenging

Cons:

• Very limited gamification elements
• Not a long-term solution
• Not all cyber threats are covered

3. The weakest link

The weakest link is a game created by IS Decisions. It’s a straightforward game with tough questions about the right topics. It takes a while to finish, but won’t last you for longer than an hour in total. That means it’s nice to freshen up your team’s knowledge every year or so, but not a solution that stimulates lasting behavior change.

A strong element of this game is the face that you get immediate feedback after each question — whether you answer right or wrong. This gives the user the chance to immediately learn from a mistake or understand why they were right. The feedback is elaborate and well-written.

Aside from that, the gaming elements are somewhat limited.

Pros:

• It’s free
• Instant feedback
• The questions are challenging

Cons:

• Limited gamification elements
• Not a long-term solution

4. Football Fever

Football Fever is a security awareness game created by the Division of Information Technology. It was specially created for Texas A&M University students but is open to be played by anybody.

In the game, you are a part of the university’s American football team. During the game, this American football theme is constantly repeated. The link between cyber security and sports isn’t exactly clear, but it’s an entertaining touch nonetheless. Instead of pressing ‘submit’, you answer a question by clicking ‘run play’, which is clever. If you answer a question wrong (”Interception!”), you get direct feedback.

Pros:

• It’s free
• You receive instant feedback

Cons:

• The American football story arch is a misfit
• Limited gamification elements
• Not a long-term solution
• Not a fit for organizations

5. Cyber Circus

The Texas A&M University created another security awareness game called ‘Cyber Circus’. And yes, the gamification is based on a circus. It’s a game for university students that, again, can also be played by anybody outside of the school.

Students who play three out of four games receive a food coupon, which probably is a great way to stimulate participation among students. For regular users, especially organizations, there isn’t a reward.

The story is based on a circus, which is a nice element that makes the game more entertaining to play but doesn’t teach users about the true risks for organizations.

The Hoop Shoot game is our favorite. Every time you answer a question correctly, you get to shoot a basketball. Not a great idea for anybody who tends to lose all their savings at the yearly fair.

Pros:

• It’s free
• The games are entertainin
• You receive instant feedback

Cons:

• The circus story arch is unrealistic
• Not a long-term solution
• Not a fit for professional organizations

6. Deepspace Danger

The following cyber security awareness game for employees was created by Infosec: Deepspace Danger. The game takes place in outer space and is introduced by long videos animated videos. The animations are impressive but a little long-winded too.

While your spacecraft is hit by a meteor, your colleague needs to leave to repair the hole that it made to prevent any further oxygen leakage. You are left alone to look after ‘Pat’, the computer that contains personal data for every being in the solar system.

After every bit of video, you get a multiple-choice question. It’s an interesting way to learn and well put together, but it makes for a somewhat passive learning experience after a while.

The outer space theme is creative, but it doesn’t relate directly to real-life organizations. So we’re not sure how effective it is to create lasting behavior change.

Pros:

• The animations look great
• You get direct feedback in video format

Cons:

• The outer space story arch is unrelatable
• The videos are well-crafted, but a bit long-winded
• Pricing is unclear

7. Targeted Attack

Targeted Attacks by Trend Micro is a game that looks like it was created in Hollywood. Just like Deepspace Danger, it is based on a lot of video material that takes you through a story. In this case, it’s about an actual business, which is a big plus. The acting is surprisingly good too. The background music will have you thinking you’re in the middle of a James Bond movie.

An extra gamification element that we appreciate is the fact you get a cyber security budget at the beginning of the game. This budget is represented by the red dots in the top-left corner of your screen.

The videos are long-winded and time-consuming. Even though the acting is good, you tend to skip through it. We expect this is especially the case once your employees need to do this. The ‘skip section’ gets you right to the next question, but then you might miss some of the context from the video.

The questions seem to be focused on cybersecurity professionals. During the game, you play as a CISO character. This means the game isn’t exactly suitable for the entire organization.

The game can only be played once, but depending on the choices you make throughout, the scenarios can change. However, once you’ve finally played it and got to a happy ending, it’s no longer useful to play it again.

Pros:

• The game is free
• Extremely high production value
• You get direct feedback in video format
• Relatable storyline for businesses

Cons:

• Made specially for cyber security professionals
• The videos are well-crafted, but a bit long-winded
• It’s not a long-term training solution

8. Cybersecurity Escape Room

Who doesn’t love a good escape room? That’s why Living Security decided to build an escape room to train cyber security awareness. In the game, you and your teammates solve cyber puzzles. If you do it right and faster than the other team, you win the game. Note: this is not a physical escape room, but a digital one.

There is no free trial so you have to request a demo to learn more about the inner workings of this game. But here are our pros and cons looking from the outside in:

Pros

• Collaboration with your colleagues
• A strong competitive element increases engagement

Cons

• Need to request a demo to see the game
• No pricing information
• The teamwork element requires planning and is time-consuming

9. Cyber Awareness Challenge 2024

The Cyber Awareness Challenge was created by the US Department of Defense. The game has a nostalgic look (Windows 98-ish). It’s built on top of animated videos and takes you through a wide range of topics, such as social engineering, malicious code, and removable media. Especially for a challenge made for 2024, it’s interesting how there is no content about AI to be found.

The game is a little difficult to navigate and the videos that explain everything are extremely long-winded. This makes for a slow learning experience that is time-consuming for your employees.

Pros

• It’s free
• There is a wide range of topics
• The storyline is based on an actual business

Cons

• The videos are very long-winded
• The design is outdated

10. Backdoors and Breaches

After covering digital options only so far, it’s time for an analog game. This card game contains 52 cards that help you set up incident response exercises. In total, there are 3840 incident scenarios.

Users earn tactics that cyber criminals use and the tools and methods that they need to maintain cyber security.

It was made for cyber security teams to play together and keep each other on their toes. However, due to the level of the challenges, it’s not suitable to train the security awareness of your entire organization.

Pros

• Affordable
• Huge amount of possible incident scenarios
• Useful for cyber security experts

Cons

• Not made for regular employees
• Time-consuming
• High complexity

11. Riskio

Riskio is another tabletop game that was designed to boost cyber security awareness for a wide audience, spanning from non-technical individuals to IT experts.

To play this game, you need between 3 to 5 players, one of them being a cyber security expert to lead you through it. It’s a great way to do team building and improve your cyber security chops at the same time.

Unless you have a lot of spare time during working hours (and who of us ever do), it’s a bit too time-consuming to play this game regularly. But if you decide to do it every once in a while (say 6 months), it’s a good way to freshen up your security knowledge.

Pros

• Affordable
• Boosts team spirit
• Made for all skill levels

Cons

• Time-consuming
• You need at least one cyber security expert to play
• Not a long-term solution for lasting behavior change

12. Deloitte’s Security Awareness Escape Room

Deloitte has developed a real-life escape room game, in which participants need to unlock a laptop that has been infected with ransomware. The challenges cover topics such as:

• Phishing mails
• Social engineering
• Data classification
• Data sharing

It’s an entertaining and effective way to learn that’s also good for team spirit. On the other hand, it’s quite pricey (at least $6000 for a day, including set-up) and obviously not a suitable solution for regular training.

Pros

• Covers a wide range of topics
• Very engaging training method
• Improves team spirit

Cons

• Relatively expensive
• Not a solution for regular training
• Time-consuming

13. 40 short quizzes by Proprofs

If you’re into quizzes, ProProfs has 40+ cyber security tests waiting for you to be played. The ones we’ve tried out (not all of them, we’ll admit), were pretty good, but it depends on which one you pick.

ProProfs is a tool that enables its users to build quizzes, meaning the 40 quizzes you see on their page could be made by anybody.

However, if you’re looking for a quick quiz for a one-time event, you may find yourself a nice free option amongst Proprofs’ list.

Pros

• Lots of different quizzes to choose from
• User-generated, from different fields
• Free

Cons

• Unclear if the content has been checked on quality
• Not for organizations, but useful for one-time usage
• No reporting

14. Hacktale

Hacktale is a security awareness training game built for (up-and-coming) cyber security professionals. You start the game in a meeting where the team finds out about the website being hacked. Your lovely, yet firm, CEO tells you to get it fixed immediately.

It’s a long-winded game and the cartoons are a bit outdated. Besides that, you’re not challenged. You only have to click through the story, but are not once asked to answer questions or solve problems.

We wouldn’t suggest this game, even though the content itself seems to be of good quality.

Pros

• Free

Cons

• Made for cyber sec professionals
• Outdated animations
• Slow storytelling

15. Cyberstart

Cyberstart is also a game that was built for cybersec professionals. This means it’s not interesting for the average employee.

However, if you want to make a start in cyber security, this may be a great place to take in your first experiences. The game is fun to play and the questions are fun to answer. If you don’t know the answer to a specific challenge, you can ask for a tip to help you out. If you do this too much, it’ll cost you points.

Accompanied with every challenge comes an explanation video that gives you in-depth background information about the topic.

Pros

• Fun gameplay
• Free trial

Cons

• Made for cyber security professionals — not useful for employees
• Not for regular usage
• No reporting capabilities

16. Missing Link

This game is a fun one to play for one time only. It’s not a recurring solution but does a really good job of putting together quiz questions. In the example above, you can see an example of a phishing email. You are asked to point out the clues that show this is a phishing mail. After you’ve done this, you get a clear explanation of each clue on the right side of the screen. This makes for a fun learning experience.

The game is limited to recognizing phishing messages only. Great if that’s your goal, but it makes for a limited learning experience, as other cyber security topics aren’t mentioned at all.

Pros

• Free to play
• Fun learning experience

Cons

• Not for organizations
• Only focuses on phishing
• Only for one-time usage

What makes a security awareness game effective?

Security awareness games are gaining popularity, but how do you decide on which one to pick? When trying out options from the list above, keep the following aspects in mind.

Multiple gamification elements

Make sure the game you pick is more than just a quiz. The more gamification elements are included, such as a leaderboard, badges, and story arcs, the more engaging and effective the game is.

Recurring challenges

To establish behavior change, your team needs to be trained regularly. Often, training only happens once a year. After a week or two, most of the information has been long forgotten. That’s why you need to seek out a game that offers regular challenges to build up security knowledge slowly over time.

Realistic story arcs

Most games are built on a story arc. In the examples above, there are story arcs based on sports, space and even on a circus. But when the story arc is actually relatable to the situation of the organization and the employee who plays the game, it becomes way more effective. The game should make them think about situations that can or have occurred during their work.

Short and sweet

Attention spans are short and schedules are full. Don’t expect your employees to engage in regular training that takes them more than 10 minutes at a time. This may force them to play the game during their break or even after work. Try to find a game that offers regular gameplay that takes 5 minutes or less.

Direct feedback

What is lacking in a lot of security awareness games is direct feedback. Often, users get to answer a bunch of quiz questions and get their score at the end. The only thing this teaches users is what their level of security knowledge is, but not what they need to learn. This is why there should always be direct feedback after you do things right or wrong in the game.

Wide range of topics

Many games are focused on a few topics. Often, phishing gets the most attention, simply because it’s the most prevalent cyber risk out there. However, hackers are constantly developing new ways to attack companies. And your employees need to be aware of all of them to stay safe. Here’s just a small grab of all the other topics that should be covered in detail:

• Smishing
• CEO fraud
• Updating software
• Safe passwords
• Two-factor authentication
• Remote work
• Removable media
• Malware
• Ransomware

Conclusion

There is a wide range of security awareness games on the market. By browsing through the list above, you’ll learn which solution fits your organization best. Make sure to keep in mind what your goal for the training is.

For a security awareness game that aims for lasting behavior change among employees, consider using Guardey. It offers a complete program that covers all modern security threats and comes with a set of gamification elements that keeps your team engaged.