Schedule a Demo
Back to Resource Center

The 5 best insider threat awareness quizzes

When we hear about information security, we often think of protecting an organization from the outside. But insider threats make up for about 30% of all data breaches. Whether it’s a true insider or an external bad actor posing as an insider, training your employees to spot and report insider threats is key.

The most effective way to train insider threat awareness is with gamification. This helps employees to stay engaged during training while learning about the most important topics.

In this article, we have ranked the best insider threat awareness quizzes for organizations.

Top insider threat awareness tests

  • Guardey
  • CDSE
  • Quizlet
  • Proofpoint
  • KnowBe4

1. Guardey

Guardey is a security awareness training platform built on gamification principles. During regular quizzes, employees learn about topics such as insider threats, phishing, password safety, and more.

Aside from the quiz, Guardey uses gamification elements to keep users engaged. On the leaderboard, colleagues can battle for the number one position. Guardey also uses a compelling storyline that makes the quiz content relatable and understandable.

Since every organization has its own security policy, admins can create their own quizzes within Guardey with custom content. You can also use user-generated content made by CISOs that are active in your specific industry.


The Center for Development of Security Excellence (CDSE), which is a part of the American department of defense, has created a course that teaches users about insider threats. If you complete it with a score over 75%, you receive a certificate.

Before you get a question or challenge, you get some information. The design of that page looks somewhat like a powerpoint presentation. The quiz also comes with audio, meaning a voice reads all the text on the page out loud.

Overall, this quiz feels somewhat outdated but comes with relevant information about insider threats. It can’t be played on a regular basis, but is useful for a one-time eye-opener for you and your colleagues.

3. DoD Insider Threat Awareness Quiz on Quizlet

We came across this user-generated quiz on Quizlet that we enjoyed. We don’t know who created it, but it’s definitely worth checking out.

It works more so as a flashcard game, which you can use to get your team members to discuss insider threats. It comes with a bunch of questions, but doesn’t give you the right answer. However, it enables you to think about all the right topics when it comes to insider threats, which is a valuable practice.

Is this a quiz you can offer your employees to regularly increase awareness and learn some facts about insider threats? Not necessarily. But it can be very useful for a brainstorm session about security.

4. Hoxhunt

Hoxhunt is a human risk management platform for enterprise organizations. During bite-sized training sessions, employees learn to recognize cyber risks such as insider threats.

Many organizations seem to use it for its phishing simulation product, but Hoxhunt’s security awareness training product is also good. It uses some gamification elements, such as the ability to win ‘shields’, that makes it more fun for employees to play on a long term basis.

Hoxhunt doesn’t offer a free trial, so you’ll need to request a demo to experience it for yourself.

5. KnowBe4

KnowBe4 is probably the most well-known brand name in this list. It offers a wide range of learning modules on any security awareness topic you can think of, including insider threat awareness.

The UX and learning style is a tad bit outdated, but that doesn’t need to be a dealbreaker for every organization. What could be a dealbreaker, is that you need to handpick each module. This is often fine for enterprises with a cyber security team, but not suitable for organizations without one.

What exactly is an insider threat and why is awareness important?

An insider threat refers to a person within your organization with access to important resources. These resources could be personnel, information, equipment, networks, or your facilities.

Cyber security efforts are usually focused on protecting your resources from external threats. But more often than you may think, these threats can come from within.

A few examples of what your employees need to learn about insider threat awareness:

  • When a marketing employee leaves the company, access to social media accounts should be revoked
  • Finance employees should always need multi-factor authentication for large transactions
  • Employees should always be sharp on negligence from themselves and other colleagues. Is everybody sticking to the right security policies?

What makes an insider threat awareness test effective?

An insider threat awareness quiz can be helpful in making employees resilient against insider threats.

Here’s what you should look for in a solution:

  • Recurring training: Yearly training has been proven to be ineffective. Weekly or monthly training creates lasting awareness and helps to build up knowledge over time.
  • Gamification: Opt for a solution that uses gamification. Often, employees may not be excited to learn about insider threats. The more you gamify the experience, the more likely they will be to engage.
  • Reporting abilities: A tool that comes with analytics comes with two significant benefits. First, it helps you to keep an eye on the learning progress of your team and understand how you can improve the training programme. On the other hand, it proves your team is training, which is helpful for compliancy.


Insider threat awareness is an often overlooked part of security awareness training. We tend to look at cyber security as something that only protects us against outside threats. But your organization may just as well be vulnerable from the inside.

With Guardey, your employees learn how to recognize and report insider threats on a regular basis. The gamified experience helps them to stay engaged. Who doesn’t like a bit of friendly competition?

Start a 14-day free Guardey trial

Frequently Asked Questions

What is gamification?

Gamification is adding game elements into non-game environments, such as security awareness training, to increase participation and foster active learning.

What are the benefits of gamification in security awareness training?

Traditional security awareness training can often be dry and boring. With gamification, the complex subject matter is transformed into an engaging and memorable experience.

By integrating game elements such as challenges, quizzes and rewards, it incentivizes users to actively learn. This makes the training more enjoyable and fosters a sense of competition and achievement. This combination drives better retention and application of cyber security knowledge.

Why is it important to train security awareness on a weekly basis?

Research shows that up to 90% of the learnings from yearly or even quarterly training are forgotten within a few weeks. Guardey was built to keep its users aware of cyber threats 365 days a year. The game comes with short, weekly challenges that slowly builds up the user’s knowledge and eventually drives lasting behavior change.

Which topics are covered in Guardey’s security awareness game?

Guardey covers a wide array of topics to train users about all currently relevant cyber threats, put together in collaboration with ethical hackers and educationalists. The topics covered include phishing, remote work, password security, CEO fraud, ransomware, smishing, and much more.

How much time do the weekly challenges take?

Every challenge takes up to three minutes to complete.

Can I use Guardey to comply with the ISO27001, NIS2, and GDPR security awareness policies?

Yes. ISO27001, NIS2, and GDPR all require that all employees receive appropriate security awareness training. Guardey is always up-to-date with the latest cyber threats, policies, and procedures.

Is security awareness training important for all employees, or just specific roles?

Cybersecurity awareness training is crucial for all employees, not just specific roles. Every staff member can potentially be a target or an unwitting entry point for cyber attacks. Training helps create a security-focused culture and minimizes risks for the entire organization.

While certain roles may require specialized training, a foundational level of training should be accessible to everyone.

In which languages is Guardey available?

Guardey is available in English, Dutch, Italian, French, Spanish, German, Polish, Swedish and Danish.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk CTA Guardey website

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial