Gamification of Cybersecurity Awareness for Non-IT Professionals: A Systematic Literature Review

Abstract

This literature review delves into research on the gamification of cybersecurity awareness for non-IT professionals, aiming to provide an accurate report on known and unknown information regarding three key questions: the impact of gamification on cybersecurity awareness interest and engagement, measurable results related to game elements and their connection to specific learning goals, and the long-term effectiveness of gamified cybersecurity. Examining five relevant papers, the findings confirm short-term effectiveness and indicate that the incorporation of various game elements, such as storytelling, team leaderboards, and interactive scenarios, results in increased knowledge, improved engagement, and positive behavior changes aligned with specific cybersecurity awareness learning goals. However, the review also identifies recurring gaps in evaluating individual game elements and customizing gamification strategies for non-IT professionals. Highlighting a critical gap in understanding long-term effectiveness, we argue for further empirical studies to consider habituation effects, emphasizing the need for a nuanced understanding of gamification's impact on cybersecurity awareness over an extended period. Thus, the review contributes to the existing body of knowledge by emphasizing the necessity for empirical studies focusing on sustained, long-term effectiveness and habituation effects in gamified cybersecurity initiatives.