Become a Partner
Back to Resource Center

How to decrease cyber risks with security awareness training

95% of all hacks and data leaks are caused by human error.

Some examples of such human errors are:

  • Clicking a link in a phishing email
  • Using a weak password
  • Not setting up 2FA or multi-factor authentication
  • Failing to update software regularly

And the list goes on.

When a data leak occurs, the results for a business can be catastrophic. According to IBM, the average cost of a data breach is $4.45 million. Faced with this type of damage, 60% of all small and medium-sized businesses are forced to shut down within six months.

In this article, we’ll explain how you can decrease the risk of being hurt by a cyber attack with cyber security awareness training.

What is cyber security awareness training?

During security awareness training, IT and security professionals train employees to help them understand their role in combatting security breaches. Security awareness training helps employees understand the latest risks and how to act while faced with a threat.

The benefits of security awareness training

The biggest cyber threat to companies is internal cyber unawareness. Actively training security awareness has proven to:

  • Improve awareness of cyber risks
  • Decrease human errors (for instance: better scores during phishing tests)
  • Decrease the risk of companies facing huge damages or even going bankrupt
  • Trained how to detect a breach and what to do in those cases

Which topics should be covered during security training?

We often see that trainings are exclusively focused on phishing. But there is a wide array of cyber threats that your employees should be made aware of:

  • Phishing attacks: Phishing attacks involve tricking individuals into revealing sensitive information or performing actions that compromise security, often through deceptive emails or websites.
  • Weak passwords: Weak passwords (such as Wilma123) are easily guessable or crackable, making it simpler for unauthorized users to gain access to accounts.
  • Lack of multi-factor authentication: Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide multiple forms of verification before accessing accounts or systems.
  • Removable media: Removable media, like USB drives, can be an easy gateway for malware.
  • Physical security: Physical security involves safeguarding devices, such as laptops and smartphones, from theft or unauthorized access.
  • Remote work: With the rise of remote work, it’s crucial to cover the security aspects related to working from outside the office environment. This includes secure connections, VPN usage, and more.
  • Public Wi-Fi: Public Wi-Fi networks are often unsecured and can expose users to various risks, including eavesdropping and malware attacks.
  • Social engineering: Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security.
  • Internet and email usage: Covering this topic educates your team about avoiding suspicious links, downloading attachments cautiously and more.
  • Cloud security: Cloud services offer convenience, but they also pose security challenges.
  • Social media usage: Sharing excessive personal information on social media platforms (such as your birthday, when you’re going on vacation, etc.) can lead to privacy breaches and targeted attacks.
  • GDPR: The GDPR requires personnel to understand their responsibilities in handling personal data.

Why most training methods are not effective

Most training methods are courses in the form of a PDF or Powerpoint presentation or in-person trainings. The trainings are often long-winded, outdated, and get subpar to bad engagement from the trainees simply because they’re a little dry (dare we say boring).

By far the biggest problem with these trainings is that they often occur yearly (or quarterly at best). Research shows that 90% of everything that has been taught during one-off trainings is forgotten within a week.

A positive development in the security awareness training field that we have seen in recent years is the rise of phishing simulations. During these tests, companies send fake phishing mails to their employees in order to test their awareness levels.

This is a step in the right direction, but phishing is only but a part of the enormous variety of cyber threats out there — as can be seen in the list above.

So which type of cyber security awareness training is actually effective?

Why we believe gamification is the best training method available

We believe that in order for cyber security awareness training to be effective, it should be:

  • Engaging: no matter how important the information is, it is difficult to retain information if the training method is dull
  • Recurring: what good is a yearly training if you forget 90% of what you’ve learned after a week?
  • Relevant: hackers come up with new methods to break into company data, which is why trainings should be up-to-date with the latest intel

With gamification, you can tackle all of the above. That’s why we built a cyber security awareness game.

In simple words, gamification is the application of gaming elements into non-game contexts, such as cyber security awareness trainings.

Below, we’ll break down step by step how our game helps combat cyber threats.

Weekly challenges

Every week, you get a challenge that takes about three minutes to do. You get asked all types of questions and when you get it right, you make money for your fictional company. If you get answers wrong, you lose money and your image takes a hit.

Learning curve Guardey

As you can see in the image above, the learning curve with gamification starts off slowly but improves over time. By doing weekly challenges, you slowly build knowledge that lasts.


The biggest challenge for many companies is making cyber security awareness training engaging. We solve that by adding an element of competition.

Leaderboard of Guardey's security awareness training game

Every Guardey user can see how they’re doing compared to other people in their team or company. This adds a fun element to their learning process. If you can beat your colleagues and even win prizes (or bets), it makes the learning experience much more fun and memorable.

Companies can choose to incentivize their employees by offering special rewards for top learners.

Relevant learnings

Hackers are looking for new ways to break into company data every day. This means that companies need regular training with relevant training materials.

An example of a question in Guardey's security awareness game

Guardey challenges are put together with experienced cyber security experts. We keep an eye out for the latest threats and weave them into the challenges.

Try out Guardey’s cyber security game for free

With the lion share of data breaches being caused by human error, it’s time for companies to train their teams.

Try out Guardey’s cyber security awareness game completely free of charge for 14 days. You don’t need to fill out your payment details to get started.

Don’t let hackers outsmart you. Try out Guardey 14 days for free.

Frequently Asked Questions

I already have a firewall, do I still need Guardey?

Relying solely on a firewall for cyber security leaves your organization vulnerable to evolving and sophisticated threats. Cyber attacks target multiple vectors, including vulnerabilities in software, employee endpoints and web applications. Guardey works in conjunction with the firewall.

Firewalls keep out up to 80% of online risks. With Guardey, it is transparent which online risks did make it through the firewall. In addition, human errors are still too often made, so also train employees to work responsibly online.

I already have a VPN, do I still need Guardey?

It’s good that you are already using a VPN. This makes you invisible to malicious people, but at the end of the day, employees can still be vulnerable by bringing in the wrong orders or wrong websites.

Guardey is more than a business VPN. Guardey also provides monitoring in the VPN tunnel. This detects online risks and allows a quick response.

We are too busy for weekly gamification. Why should I play the gamification?

These days we are all busy, we recognise that 😉 All the more important is employee awareness. Make sure employees don’t accidentally make mistakes due to pressure. After all, that only creates extra work.

That’s why our challenges are only a maximum of 5 minutes and can be done quickly in between. A new challenge becomes available every week. As an organisation, do you want to play these challenges every week, every two weeks or every month? Of course, that’s no problem either.

Can I also play just the gamification?

Short answer: yes! It is possible to play just the gamification.

Have you already taken sufficient cyber security measures for your employees in the office and outside the office? But can awareness still be worked on? Then you can also play just the gamification. This can already be done very easily in just the browser. Check out our game only package here.

Is Guardey effective against phishing attempts?

Phishing is especially dangerous when you don’t know you’re dealing with phishing. That’s why our cyber awarness game is the first step against phishing. Make people aware of the dangers and make sure they have the right knowledge so they don’t click on anything.

Further Guardey plays a crucial role in detecting suspicious online activities. For instance, if a member of your organization interacts with a website known for hosting phishing content, Guardey will promptly alert you about the potential risk. By providing this proactive alert system, Guardey aids in preventing users within your organization from falling prey to phishing scams.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk ter Harmsel

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial