Using a Game to Explore Notions of Responsibility for Cyber Security in Organisations

Abstract

Improving the cyber literacy of employees reduces a company's risk of cyber security breach. Game-based methods are found to be more effective in teaching users how to avoid fraudulent phishing links than traditional learning material such as videos and text. This paper reports on the development of a mobile app designed to improve cyber literacy and provoke users' perceptions of who is responsible for cyber security in organisations. Based on a preliminary trial with 17 participants, we investigated users perceptions of a tongue-in-cheek, provocative cyber security awareness game where users' jobs depend on their aptitude for protecting their organisations' cyber security. Findings suggest that users accepted the high responsibility levelled upon them in the game and that ludic elements hold promise for engagement and increasing users' cyber awareness.