There’s a disturbing paradox in security awareness training. Best practices for security programs require employee awareness training.

But line managers see it as ineffective, inefficient, and unproductive. From 10 years of teaching security awareness, here’s what I’ve learned.

Traditional security awareness training has had limited impact, because people generally:

  • Disengage when awareness training is predictable
  • Can skim content without retaining knowledge
  • Aren’t compelled to practice facing relevant risk decisions
  • See no advantage or reward in improving their skills
Security awareness paradox

Join our next 5-Day Challenge to experience something completely unique

“The challenges were so quick I was able to do them in the time it took me to sip an espresso.” – IT Security Manager

Management won’t really see more benefits unless these issues can be overcome. But there is a way to make awareness fun, educational and time-efficient.

When you think of “gamification”, you may think of it as “playing games”. However, gamification is really a method of using proven psychological drivers to change behavior.

All of the above barriers can be overcome with an immersive gamified security awareness framework. Gamification must be deeply integrated into both training and engagement initiatives for security awareness programs to demonstrate significant, long-term effectiveness.


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.