Schedule a Demo
Back to Resource Center

How to decrease cyber risks with security awareness training

95% of all hacks and data leaks are caused by human error.

Some examples of such human errors are:

  • Clicking a link in a phishing email
  • Using a weak password
  • Not setting up 2FA or multi-factor authentication
  • Failing to update software regularly

And the list goes on.

When a data leak occurs, the results for a business can be catastrophic. According to IBM, the average cost of a data breach is $4.45 million. Faced with this type of damage, 60% of all small and medium-sized businesses are forced to shut down within six months.

In this article, we’ll explain how you can decrease the risk of being hurt by a cyber attack with cyber security awareness training.

What is cyber security awareness training?

During security awareness training, IT and security professionals train employees to help them understand their role in combatting security breaches. Security awareness training helps employees understand the latest risks and how to act while faced with a threat.

The benefits of security awareness training

The biggest cyber threat to companies is internal cyber unawareness. Actively training security awareness has proven to:

  • Improve awareness of cyber risks
  • Decrease human errors (for instance: better scores during phishing tests)
  • Decrease the risk of companies facing huge damages or even going bankrupt
  • Trained how to detect a breach and what to do in those cases

Which topics should be covered during security training?

We often see that trainings are exclusively focused on phishing. But there is a wide array of cyber threats that your employees should be made aware of:

  • Phishing attacks: Phishing attacks involve tricking individuals into revealing sensitive information or performing actions that compromise security, often through deceptive emails or websites.
  • Weak passwords: Weak passwords (such as Wilma123) are easily guessable or crackable, making it simpler for unauthorized users to gain access to accounts.
  • Lack of multi-factor authentication: Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide multiple forms of verification before accessing accounts or systems.
  • Removable media: Removable media, like USB drives, can be an easy gateway for malware.
  • Physical security: Physical security involves safeguarding devices, such as laptops and smartphones, from theft or unauthorized access.
  • Remote work: With the rise of remote work, it’s crucial to cover the security aspects related to working from outside the office environment. This includes secure connections, VPN usage, and more.
  • Public Wi-Fi: Public Wi-Fi networks are often unsecured and can expose users to various risks, including eavesdropping and malware attacks.
  • Social engineering: Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security.
  • Internet and email usage: Covering this topic educates your team about avoiding suspicious links, downloading attachments cautiously and more.
  • Cloud security: Cloud services offer convenience, but they also pose security challenges.
  • Social media usage: Sharing excessive personal information on social media platforms (such as your birthday, when you’re going on vacation, etc.) can lead to privacy breaches and targeted attacks.
  • GDPR: The GDPR requires personnel to understand their responsibilities in handling personal data.

Why most training methods are not effective

Most training methods are courses in the form of a PDF or Powerpoint presentation or in-person trainings. The trainings are often long-winded, outdated, and get subpar to bad engagement from the trainees simply because they’re a little dry (dare we say boring).

By far the biggest problem with these trainings is that they often occur yearly (or quarterly at best). Research shows that 90% of everything that has been taught during one-off trainings is forgotten within a week.

A positive development in the security awareness training field that we have seen in recent years is the rise of phishing simulations. During these tests, companies send fake phishing mails to their employees in order to test their awareness levels.

This is a step in the right direction, but phishing is only but a part of the enormous variety of cyber threats out there — as can be seen in the list above.

So which type of cyber security awareness training is actually effective?

Why we believe gamification is the best training method available

We believe that in order for cyber security awareness training to be effective, it should be:

  • Engaging: no matter how important the information is, it is difficult to retain information if the training method is dull
  • Recurring: what good is a yearly training if you forget 90% of what you’ve learned after a week?
  • Relevant: hackers come up with new methods to break into company data, which is why trainings should be up-to-date with the latest intel

With gamification, you can tackle all of the above. That’s why we built a cyber security awareness game.

In simple words, gamification is the application of gaming elements into non-game contexts, such as cyber security awareness trainings.

Below, we’ll break down step by step how our game helps combat cyber threats.

Weekly challenges

Every week, you get a challenge that takes about three minutes to do. You get asked all types of questions and when you get it right, you make money for your fictional company. If you get answers wrong, you lose money and your image takes a hit.

Learning curve Guardey

As you can see in the image above, the learning curve with gamification starts off slowly but improves over time. By doing weekly challenges, you slowly build knowledge that lasts.


The biggest challenge for many companies is making cyber security awareness training engaging. We solve that by adding an element of competition.

Leaderboard of Guardey's security awareness training game

Every Guardey user can see how they’re doing compared to other people in their team or company. This adds a fun element to their learning process. If you can beat your colleagues and even win prizes (or bets), it makes the learning experience much more fun and memorable.

Companies can choose to incentivize their employees by offering special rewards for top learners.

Relevant learnings

Hackers are looking for new ways to break into company data every day. This means that companies need regular training with relevant training materials.

An example of a question in Guardey's security awareness game

Guardey challenges are put together with experienced cyber security experts. We keep an eye out for the latest threats and weave them into the challenges.

Try out Guardey’s cyber security game for free

With the lion share of data breaches being caused by human error, it’s time for companies to train their teams.

Try out Guardey’s cyber security awareness game completely free of charge for 14 days. You don’t need to fill out your payment details to get started.

Don’t let hackers outsmart you. Try out Guardey 14 days for free.

Frequently Asked Questions

What is gamification?

Gamification is adding game elements into non-game environments, such as security awareness training, to increase participation and foster active learning.

What are the benefits of gamification in security awareness training?

Traditional security awareness training can often be dry and boring. With gamification, the complex subject matter is transformed into an engaging and memorable experience.

By integrating game elements such as challenges, quizzes and rewards, it incentivizes users to actively learn. This makes the training more enjoyable and fosters a sense of competition and achievement. This combination drives better retention and application of cyber security knowledge.

Why is it important to train security awareness on a weekly basis?

Research shows that up to 90% of the learnings from yearly or even quarterly training are forgotten within a few weeks. Guardey was built to keep its users aware of cyber threats 365 days a year. The game comes with short, weekly challenges that slowly builds up the user’s knowledge and eventually drives lasting behavior change.

Which topics are covered in Guardey’s security awareness game?

Guardey covers a wide array of topics to train users about all currently relevant cyber threats, put together in collaboration with ethical hackers and educationalists. The topics covered include phishing, remote work, password security, CEO fraud, ransomware, smishing, and much more.

How much time do the weekly challenges take?

Every challenge takes up to three minutes to complete.

Can I use Guardey to comply with the ISO27001, NIS2, and GDPR security awareness policies?

Yes. ISO27001, NIS2, and GDPR all require that all employees receive appropriate security awareness training. Guardey is always up-to-date with the latest cyber threats, policies, and procedures.

Is security awareness training important for all employees, or just specific roles?

Cybersecurity awareness training is crucial for all employees, not just specific roles. Every staff member can potentially be a target or an unwitting entry point for cyber attacks. Training helps create a security-focused culture and minimizes risks for the entire organization.

While certain roles may require specialized training, a foundational level of training should be accessible to everyone.

In which languages is Guardey available?

Guardey is available in English, Dutch, Italian, French, Spanish, German, Polish, Swedish and Danish.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk CTA Guardey website

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial