In testing, just 11% of 3 907 employees proved a high level of cybersecurity awareness using Kaspersky Gamified Assessment Tool.

During the game, employees receive points on the decisions they make during commonly encountered situations occurring while working remotely – at home or while travelling – and working in the office. They are asked to assess whether their actions carry cyber risks, and how confident they are in their assumptions.

One in 10 (11%) of test participants were awarded a Certificate of Excellence, meaning they gave correct responses, scored over 90% of possible points. Most users – 61% – achieved an “average” result ranging from 82% to 90% points, while 28% could not prove sufficient knowledge of cybersecurity knowledge, scoring less than 75%.

With 90% of people overestimating their cybersecurity abilities, Kaspersky Gamified Assessment Tool is designed to not only change employee behaviour and awareness, but also to assist chief information officers (CIOs) and HR departments measuring workers’ cyber skills, and provide their teams with a relevant education environment.

The Gamified Assessment Tool covers six security domains: passwords and accounts, email, web browsing, social networks & messenger, PC security and mobile devices. The web browsing topic appeared to be the most difficult for users – just 24% defined actions correctly. Scenarios tied to mobile devices were least complex – 43% of employees made no mistakes in identifying cyber risks in these scenarios.

“The Gamified Assessment Tool is included in the ‘engagement phase’ of our Security Awareness Portfolio. It precedes the training stage in the Kaspersky Automated Security Awareness Platform, allowing employees to get clearer motivation for learning and helping organisations find out which educational program best fits their workers’ specific needs,” comments Alexander Lunev, product manager: security awareness and academic affairs at Kaspersky.

“However, even the best possible result achieved in the game is not an indicator that a user needs no further advanced training or periodic knowledge refreshment. The adversarial methods can change, and a person’s vigilance may weaken. That is why we also make sure that the learning and reinforcement parts of our product are interesting for all learners of all levels.”