Try Experiential Cybersecurity Awareness Training and Reap the Rewards


Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990s. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

May 3, 2022

Over the past few years, I’ve written a couple of posts on using games to make cybersecurity training more fun for your staff. (You can read my most recent one here.) They’ve proven to be among the more popular posts I’ve done. Likely, this is because those in charge of meeting IT protocols realize that hands-on, experiential cybersecurity awareness training is far more effective – and frankly, much more enjoyable – than more traditional methods. Let’s face it: There is nothing staff dread more than being required to sit in front of a dull video or lecture and then get quizzed on it. By incorporating interactive, group-based activities, staff get to enjoy the comradery that gameplay brings. And everyone will reap the benefits.

A shift in perception from tedious to fun

Most training – particularly the kind that is required for regulatory reasons – is thought of as a chore. “We just need to get this done to get IT off our backs” is a typical mindset. But if suddenly cybersecurity awareness training is known to involve gameplay, you’ll likely see a shift in mood and motivation. Now when it comes time to work with the IT department, it is perceived no longer as a mandatory undertaking, but as something to look forward to. Something that might actually be (dare I say it) fun.

Improved retention

And speaking of fun: Studies show that the brain is 68% more engaged when you’re having it. For that reason, you can assume that when you use gamified learning, the chances of your staff retaining what they’ve learned are greatly increased. I’ve read numbers from various studies that show the rate of retention from experiential learning lands anywhere from 75-90%. That said, the one thing all these studies have in common is that the retention rate was much higher in the experiential group than in the group taught in the more traditional way.

Gain immediate insight

Most training concludes with a review of test scores after all is said and done. But with experiential training, you can see immediately where some employees are struggling and where they’re doing well. This first-hand knowledge allows you to not only adapt to and work with individual needs, but to also design future security awareness programs that are flexible with different types of people.

Provide a safe learning environment

A key principle of experiential learning is that employees know they are participating in simulated cybersecurity threats. While learning about real-life scenarios, they are in no way at risk of jeopardizing your organization’s actual security. For that reason, employees feel less pressure to always get it right. There is room for mistakes, and as we all know, mistakes help people grow. And because most experiential training exercises involve teamwork, employees learn together and can help each other without judgement. This comradery built on shared training exercises can subsequently help build support for maintaining cybersecurity standards within individual departments.


So, consider switching up your training methods to some more experiential ones. Try some of the games I mentioned in my linked post above. Or consider this cool-looking online Cybersecurity Escape Room. But at the very least, think about moving away from traditional, boring cybersecurity awareness training to something more entertaining and interactive. You’ll thank me later.




