Schedule a Demo
Back to Resource Center

The 8 best cyber security awareness tests for employees

Humans are often called ‘the weakest link’ in an organization’s cyber security. If you want to find out if this is the case for your employees, it can be helpful to do a cyber security awareness test.

During such a security awareness test, employees get challenged on their knowledge of topics such as spear phishing, CEO fraud, malware, or VPNs. In the best case, you look for a way to not only regularly test your employees’ awareness but also improve it.

In this article, you’ll find 10 information security awareness tests that we have tried out and reviewed.

Top cyber security awareness tests

  1. Guardey
  2. Counterintelligence Trivia Twirl
  3. The Weakest Link
  4. Missing Link
  5. Deepspace Danger
  6. Targeted Attack: The Game
  7. KnowBe4
  8. Hoxhunt

1. Guardey

Spear phishing software Guardey

Guardey is a security awareness training solution built on gamification. Every week, users get a cyber security challenge that takes 3-5 minutes to complete. During those challenges, they learn everything about topics such as phishing, password security, CEO fraud, and more.

Getting employees to engage in security awareness tests can be a challenge. But the gamification elements in Guardey get employees intrinsically motivated to play. There’s a storyline throughout, you can earn money for your fictional organization, and see which one of your colleagues is beating you on the leaderboard.

This solution is an amazing security awareness test for employees. In the reporting section, you can quickly gauge how users are performing and which topics may need more attention. Because they take on challenges every week, their awareness level is optimized.


  • Recurring testing and training
  • Covers all relevant security topics
  • Intrinsically motivates users to play


  • Not made for one-time tests
  • Not free, but affordable


“Many employees immediately start playing the new weekly challenge once they receive the email that it’s ready. Some of them are seriously disappointed when they get a question wrong. It has started multiple internal discussions about security, which is great. I’m also noticing that more people are reporting suspicious emails. And that’s exactly the mindset we’re looking for.”Source

Start a 14-day free Guardey trial

2. Counterintelligence Trivia Twirl

If you’re looking for a fun way to test your team’s security awareness, this is a good solution.

During an old-school trivia twirl, your employees can simply spin the wheel and take on a couple of quizzes. Doing these quizzes gives you a quick idea of what the overall level of security awareness is.

It’s a fun idea to play while you are together in the same room, and gauge the reactions of your team. Are they having a hard time? Or does it all seem logical to everybody?


  • Fun test for one-time usage
  • Spinning the wheel is a nice touch
  • Free of charge


  • Not suitable for long-term awareness improvement
  • The content is somewhat outdated

3. The Weakest Link

The Weakest Link is another good solution for a one-time test to see how security-aware your team is.

During the quiz, you get a bunch of tough questions about a range of cyber security topics. You can stretch it to about an hour tops. After each question, you get immediate feedback about the answer you just gave — no matter if it’s right or wrong. This means the user isn’t only being tested, they also learn.


  • Free of charge
  • Immediate feedback
  • Tough questions


  • Limited gamification elements
  • Not a long-term testing/training solution

4. Missing Link

Missing Link zooms in on phishing awareness. During the game, users get to analyze several phishing emails. The goal is to point out as many clues as possible that point to the message being phishing. Afterward each challenge, you get in-depth feedback on the clues you may have missed.

Even though phishing is the biggest cyber threat out there, you need to remember that this game doesn’t cover all cyber threats.


  • Free of charge
  • In-depth feedback


  • Only focuses on phishing
  • Only for one-time usage

5. Deepspace Danger

If you’re looking for a cyber security awareness test that leans on video, Deepspace Danger may be the solution you’re looking for.

You play a character in an animation video and the story takes place in deep space. Once you learn that your spacecraft is hit by a meteor, you need to keep the spacecraft safe. Small but important detail: the spacecraft contains the personal data of every single person in the entire universe.

After each (long-winded) video, you get a multiple-choice question. It’s a fun way to get employees to engage in a test.


  • Good animations
  • You get direct feedback in video format


  • The outer space story arch is far-fetched
  • The videos are time-consuming
  • Costs are unknown

6. Targeted Attack: The Game

Another video-based security awareness test is called Targeted Attacks. During the videos, you get taken through a story where you play a chief information security officer. So from the beginning, it is clear that this game is not for your average office employee.

However, if you’re looking for a game to keep cyber security specialists entertained every once in a while, this is a fun solution.


  • Free of charge
  • Great production value
  • Relatable storyline for security pros


  • Not for the average employee
  • The videos are time-consuming

7. KnowBe4

KnowBe4 is known as the biggest name in the security awareness space. They offer a wide range of content within this space. The amount of content can be overwhelming — especially for organizations who are looking for a plug-and-play solution. However, if you’re a cybersecurity specialist who wants to put their own program together, KnowBe4 has a ton of library content you can pick and choose from.

Each training session contains videos that are then followed by multiple-choice questions. The reporting feature is extensive, which makes it easier to report the results of your information security awareness testing program.

If you want to use this tool, you need to start with at least 25 different users.


  • Huge content library
  • Well-known brand
  • Can be used for long-term testing/training


  • No free trial
  • Complex pricing model
  • Implementation can take a while

8. Hoxhunt

Hoxhunt is also a well-known name in the industry. Their focus is on phishing and security awareness training, where users frequently get bite-sized training.

There is no pricing information or free trial available, which means you’ll need to request a demo to learn more about Hoxhunt.


  • Well-known brand
  • Can be used for long-term training and testing


  • No free trial
  • No pricing information

What to look for in an information security awareness test

Picking out a security awareness testing solution that fits your organization can be difficult. Here are some things I’d recommend to look out for.

Direct feedback

When you use an interactive training solution, you want users to get direct feedback all the time. This is where they learn from their mistakes (or lucky guesses).

Reporting functionality

Are you really testing anything if you can’t get a deep dive into the results? Here, you want to look for reporting features that show you how each employee is performing and how they can improve.

Short and sweet

We’re all busy. The less time a security awareness test takes, the more likely your employees will actually participate.

Recurring testing

You need regular training if you want the test results to improve over time. Research has shown that the traditional yearly training sessions cause a short peak in awareness, which crashes within a couple of weeks. Choose a solution that offers weekly, bi-weekly, or monthly challenges.

Wide range of topics

There are a lot of information security awareness tests out there centered around one topic: phishing. Phishing is a huge problem, but there are much more cyber threats that you need to test for. That’s why you want to look for a solution that covers a wide range of topics, including:

  • Social engineering
  • Updating software
  • Password security
  • Ransomware
  • Removable media
  • Safe remote work
  • Smishing

Start testing security awareness with Guardey

Employees don’t have to be the weakest link. With the right tool, you can test their awareness level, improve it with gamified training, and turn them into your strongest firewall.

Guardey is a security awareness solution that offers the ability to test and train the awareness of your colleagues with gamification. It has proven to intrinsically motivate users to participate and engage in learning about the most important cyber threats of today.

Start a 14-day free Guardey trial

Frequently Asked Questions

What is gamification?

Gamification is adding game elements into non-game environments, such as security awareness training, to increase participation and foster active learning.

What are the benefits of gamification in security awareness training?

Traditional security awareness training can often be dry and boring. With gamification, the complex subject matter is transformed into an engaging and memorable experience.

By integrating game elements such as challenges, quizzes and rewards, it incentivizes users to actively learn. This makes the training more enjoyable and fosters a sense of competition and achievement. This combination drives better retention and application of cyber security knowledge.

Why is it important to train security awareness on a weekly basis?

Research shows that up to 90% of the learnings from yearly or even quarterly training are forgotten within a few weeks. Guardey was built to keep its users aware of cyber threats 365 days a year. The game comes with short, weekly challenges that slowly builds up the user’s knowledge and eventually drives lasting behavior change.

Which topics are covered in Guardey’s security awareness game?

Guardey covers a wide array of topics to train users about all currently relevant cyber threats, put together in collaboration with ethical hackers and educationalists. The topics covered include phishing, remote work, password security, CEO fraud, ransomware, smishing, and much more.

How much time do the weekly challenges take?

Every challenge takes up to three minutes to complete.

Can I use Guardey to comply with the ISO27001, NIS2, and GDPR security awareness policies?

Yes. ISO27001, NIS2, and GDPR all require that all employees receive appropriate security awareness training. Guardey is always up-to-date with the latest cyber threats, policies, and procedures.

Is security awareness training important for all employees, or just specific roles?

Cybersecurity awareness training is crucial for all employees, not just specific roles. Every staff member can potentially be a target or an unwitting entry point for cyber attacks. Training helps create a security-focused culture and minimizes risks for the entire organization.

While certain roles may require specialized training, a foundational level of training should be accessible to everyone.

In which languages is Guardey available?

Guardey is available in English, Dutch, Italian, French, Spanish, German, Polish, Swedish and Danish.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk CTA Guardey website

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial