Cyber threats continue to evolve yet research indicates that existing cyber security training programmes are often ineffective, leaving users feeling discouraged rather than empowered. As a result, there is a pressing need to redesign these programmes to enhance both engagement and learning outcomes. This study investigates the impact of two points-based gamification mechanisms, loss aversion (LA) and fixed reward (FR), on cyber security knowledge and user engagement. We developed two gamified web applications to implement LA or FR respectively, while incorporating identical core content alongside additional gamification elements, such as scenario-based learning and exploration. A total of 27 participants completed the training and evaluated the applications through an initial and end cyber security knowledge assessment, and a user engagement survey. Findings indicate that while LA was more effective in improving cyber security knowledge, FR received higher scores for user engagement. These results suggest that both LA and FR offer distinct advantages, with suitability depending on the specific training context.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Loss Aversion and Fixed Reward in Gamified Cyber Security Training

  • Nicole Carle,
  • Jacques Ophoff,
  • Lynsay Shepherd

摘要

Cyber threats continue to evolve yet research indicates that existing cyber security training programmes are often ineffective, leaving users feeling discouraged rather than empowered. As a result, there is a pressing need to redesign these programmes to enhance both engagement and learning outcomes. This study investigates the impact of two points-based gamification mechanisms, loss aversion (LA) and fixed reward (FR), on cyber security knowledge and user engagement. We developed two gamified web applications to implement LA or FR respectively, while incorporating identical core content alongside additional gamification elements, such as scenario-based learning and exploration. A total of 27 participants completed the training and evaluated the applications through an initial and end cyber security knowledge assessment, and a user engagement survey. Findings indicate that while LA was more effective in improving cyber security knowledge, FR received higher scores for user engagement. These results suggest that both LA and FR offer distinct advantages, with suitability depending on the specific training context.