The Effectiveness of Gamification Approaches in Enhancing Cybersecurity Awareness: A Systematic Literature Review
Abstract
Cybersecurity awareness plays a vital role in strengthening the digital defense of individuals and organizations, particularly for non-technical users who are highly susceptible to cyber threats. This study presents a Systematic Literature Review (SLR) of thirteen peer-reviewed articles to explore the effectiveness of gamification-based approaches in cybersecurity awareness training. The findings reveal that gamified approaches using elements such as points, badges, leaderboards, narratives, puzzles, and immersive media (e.g., AR, VR, escape rooms) significantly enhances users’ engagement, motivation, knowledge acquisition, and behavioral change. Interactive learning environments designed through game-based strategies foster both technical and non-technical skill development, promote team collaboration, and provide meaningful learning experiences. Studies also highlight that elements such as feedback mechanisms, storytelling, and role-playing simulations improve conceptual understanding and self-efficacy in applying cybersecurity practices. Despite these benefits, the review identifies several research gaps and challenges, including the lack of long-term evaluations, limited comparative analysis of individual game elements, and scalability issues due to high implementation costs. Most existing studies are conducted in limited contexts, which reduces the generalizability of the findings.
References
K. Khadka and A. B. Ullah, “Human Factors In Cybersecurity: An Interdisciplinary Review and Framework Proposal,” International Journal of Information Security, vol. 24, no. 119, 2025.
S. Hart, A. Margheri, F. Paci, and V. Sassone, “Riskio: A Serious Game for Cyber Security Awareness and Education,” Computers & Security, vol. 95, 2020.
F. Faith, Z. A. Long, S. Hamid, F. Johnson, A. Norman, “Cybersecurity Knowledge Deterioration and the role of Gamification Intervention,” Journal of Advanced Research in Applied Sciences and Engineering Technology, vol. 43, no. 1, pp. 66–94, 2025.
A. K. Gwenhure and F. S. Rahayu, “Gamification of Cybersecurity Awareness for Non-IT Professionals: A Systematic Literature Review,” International Journal of Serious Games, vol. 11, no. 1, pp. 83–99, 2024.
F. Abu-Amara, R. A. Hosani, H. A. Tamimi, and B. A. Hamdi, “Spreading cybersecurity awareness via gamification: zero-day game,” International Journal of Information Technology, vol. 16, pp. 2945–2953, 2024.
C. DeCusatis, B. Gormanly, E. Alvarico, O. Dirahoui, J. McDonough, B. Sprague, M. Maloney, D. Avitable, and B. Mah, “A Cybersecurity Awareness Escape Room using Gamification Design Principles,” 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 2022, pp. 0765-0770, doi: 10.1109/CCWC54503.2022.9720748.
R. Matovu, J. C. Nwokeji, T. Holmes, and T. Rahman, "Teaching and Learning Cybersecurity Awareness with Gamification in Smaller Universities and Colleges," 2022 IEEE Frontiers in Education Conference (FIE), Uppsala, Sweden, 2022, pp. 1–9, doi: 10.1109/FIE56618.2022.9962519.
T. Wu, K-Y. Tien, W-C. Hsu, and F-H. Wen, “Assessing the Effects of Gamification on Enhancing Information Security Awareness Knowledge,” Applied Sciences, vol. 11, no. 19, 2021.
H. Alqahtani and M. Kavakli-Thorne, “Design and Evaluation of an Augmented Reality Game for Cybersecurity Awareness (CybAR),” Information, vol. 11, no. 2, 2020.
H. Taherdoost, “Towards an Innovative Model for Cybersecurity Awareness Training,” Information, vol. 15, no. 9, 2024.
Y. Ahmed, M. Ezealor, H. Mahmoud, M. A. Azad, M. Farah, and M. Yousefi, “Enhancing Security Awareness Through Gamified Approaches,” 2024, arXiv:2404.09052.
T. van Steen and J. R. A. Deeleman, “Successful Gamification of Cybersecurity Training,” Cyberpsychol Behavior and Social Networking, vol. 24, no. 9, pp. 593–598, 2021.
T. Chen, M. Stewart, Z. Bai, E. Chen, L. Dabbish, and J. Hammer, “Hacked Time: Design and Evaluation of a Self-Efficacy Based Cybersecurity Game,” 2020 ACM Designing Interactive Systems Conference, New York, NY, USA, pp. 1737–1749, 2020.
R. Pirta-Dreimane, A. Brilingaite, E. Roponena, K. Parish, J. Grabis, R. G. Lugo, and M. Bonders, “CyberEscape Approach to Advancing Hard and Soft Skills in Cybersecurity Education,” Lecture Notes in Computer Science, HCII 2023, Copenhagen, Denmark, vol. 14019, pp 441–459, 2023.
D. Cabrera, L. Cabrera, and E. Cabrera, “The Steps to Doing a Systems Literature Review (SLR),” Journal of Systems Thinking, 2023, doi: 10.54120/jost.pr000019.v1.
E. Löffler, B. Schneider, P. M. Asprion, T. Zanwar, “CySecEscape 2.0—A Virtual Escape Room to Raise Cybersecurity Awareness,” International Journal of Serious Games, vol. 8, no. 1, pp. 59–70, 2021.
A. Spatafora, M. Wagemann, C. Sandoval, M. Leisenberg, and C. Vaz de Carvalho, “An Educational Escape Room Game to Develop Cybersecurity Skills,” Computers, vol. 13, no. 8, 2024.
P. Jansen and F. Fischbach, “The Social Engineer: An Immersive Virtual Reality Educational Game to Raise Social Engineering Awareness,” 2020 Annual Symposium on Computer-Human Interaction in Play (CHI PLAY '20), Computing Machinery, New York, NY, USA, pp. 59–63, 2020.
Helmiawan, M. A., & Wiharko, T. (2018). Application of Fingerprint Security System on Motorcycles using Arduino Microcontroller. J-Tin’s-Jurnal Teknik Informatika, 2(1).
Helmiawan, M. A., Juna, D. I., & Ramdhani, B. (2018). Pengamanan Sistem Dan Data E-Voting Berbasis Network. INTERNAL (Information System Journal), 1(1), 1–10.
Helmiawan, M. A., Firmansyah, E., Fadil, I., Sofivan, Y., Mahardika, F., & Guntara, A. (2020). Analysis of web security using open web application security project 10. 2020 8th International Conference on Cyber and IT Service Management
Helmiawan, M. A., Julian, E., Cahyan, Y., & Saeppani, A. (2021). Experimental evaluation of security monitoring and notification on network intrusion detection system for server security. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., Fadil, I., Sofiyan, Y., & Firmansyah, E. (2021). Security model using intrusion detection system on cloud computing security management. 2021 9th International Conference on Cyber and IT Service Management (CITSM ….
Helmiawan, M. A., & Nasution, A. I. (2022). The Effect of Internet Banking Use and Customer Protection Against Cyber Crime at Bank Rakyat Indonesia. Journal of Islamic Economics and Business, 2(2), 170–183.