Gamifying cyber security awareness via mobile training apps
CEUR Workshop Proceedings
Security awareness is now an important issue for all users of information technology and online systems, both on an individual basis and in the context of the workplace. Unfortunately, many users remain unaware of key issues and security itself is often seen as a chore or an overhead, rather than something that they seek to actively embrace. Moreover, while organisations essentially depend upon their staff to be security-aware in order to reduce the potential for incidents and breaches, the evidence consistently shows that only a minority devote attention towards supporting this amongst their staff. For example, the latest UK Cyber Security Breaches Survey indicates that only 30% of respondents claimed to be providing user awareness and education, far behind provisions such as malware protection and network security, with 90% and 89% respectively (Klahr et al. 2017). The premise of this paper is that users may be more accepting of security if it is presented to them in an engaging manner, and so examines the potential for fundamental awareness-raising to be fostered via gameplay, which could be used instead of, or alongside, traditional methods.