Utilising gamification tools, companies can transform employees from cyber security risks into assets. This opportunity space protects businesses and individuals from cyber threats by teaching smarter digital behaviour in an engaging way, and creates a new market for ethical hackers, hired by companies to find weak spots in cyber networks. Not only does this protect users and create a new market, it overcomes the shortage of cyber professionals.


Human error represents one of the biggest vulnerabilities for cyber security; studies show 95 percent of successful cyber security breaches involve human error. Gamification offers a series of attractive market opportunities for companies to develop cyber security products and services. Simply put, cyber security is not a top priority for most employees relying on digital technologies to perform their jobs, but using mechanics and methods from games increases awareness of cyber security and nudges users into secure cyber behaviour.

Gamification products, with their fundamental focus on user experience design, can motivate and engage employees in safer cyber behaviour, thereby diminishing one of the greatest threats to cyber security: ourselves. Many games allow people to play the role of either attacker or defender and compete against each other by investing in skills, tactics, talent, and tools. Games can be set up as competitions within businesses where employees are rewarded for good behaviour, instead of being punished for bad habits, heightening motivation.

A new development in the cyber security gamification opportunity space are products enabling companies to invite so-called “ethical hackers” onto a treasure-hunt styled game, working through their systems to spot and report bugs in return for a prize, usually money. Digital and tech companies have been early adopters, but the acute shortage of cyber security professionals is pushing more traditional industries to follow. It is an opportunity space for bug bounty hunters to maintain a good a business, as well as a promising space for companies managing the programs and corporations seeking help in improving employees’ online security.

Similar to this approach are changes within more innovative organisations that are sensitive towards cyber security competency building and retaining skilled personnel. In red team-blue team exercises, for instance, skilled security experts form a red team tasked with executing an attack on certain assets of the company while a blue team defends against it. Taken from military war gaming, these exercises are used not only to test the effectiveness of security barriers but also create a gaming atmosphere that stimulates the company’s skilled personnel, who could otherwise lack motivation or sense of purpose when, for example, being tasked to read security incident logs all day round.

The security awareness training market exceeds 1 billion USD in annual revenue globally, and is growing by approximately 13 percent per year. The growing market demand for these products is driven by the persistent increase in the number of cyber attacks. In 2015, the total number of cyber security incidents rose by 38 percent.

Demand drivers in this opportunity space include the increased digital complexity of day-to-day work processes that increase the risk of security breaches. Companies and organisations will continue to demand more and better products for securing their assets and for improving their employees’ digital security behaviour. Developing products and services to meet these challenges is a growing business opportunity for companies in the cybersecurity sector.

Key Numbers


global revenue for security awareness market


is the annual growth of the security awareness market


of security breaches are enabled by human error


SDGs - Business of Power

Solutions for this Opportunity

Kaspersky Security Awareness

Teachable lessons through gamification
and competition with their Kaspersky Security Awareness solution.
Location: Global See this solution

Training Day

Training Day from eSentire is an adaptive, gamified, and fully-mobile security awareness training solution that aims to arm employees against cyber-attacks.
Location: Global See this solution

Play the Challenge

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cyber security professionals.
Location: UK See this solution

The Toolwire Gamification Platform

A customized, self-paced digital courseware solution that enables learners to complete their skill development plans faster and more effectively.
Location: GlobalSee this solution

Bug Bounty Programs

Uber is gamifying bug finding to keep the best researchers engaged. The hackers get rewarded for their hard work and Uber builds a more secure platform.
Location: Global See this solution

Workforce Risk Intelligence Platform

Workforce Risk Intelligence Platform from Apozy continuously assesses and monitors security practices in order to nurture and maintain optimum corporate security posture.
Location: Global See this solution


Teaching employees to take an “outside- in” learning approach, essentially allowing them to get into the mind of the hacker.
Location: Global See this solution

Data Defender

Digital Guarding is with the Data Defender introducing a fun and interactive way for employees to learn about handling sensitive data properly.
Location: Global See this solution



The opportunity of cyber security games has been received with moderate to low enthusiasm across all regions, rated the 11th-highest opportunity on the overall ranking. Leaders in Europe are most positive about this opportunity, ranking it the 7th-best opportunity, while respondents in China rate it at the very bottom of the list. It is the lowest-ranked opportunity to address the cyber security risk.

Capacity to Grow the Market

Globally, respondents believe the technological capabilities already exist to make this market opportunity grow, while they perceive the economic and political capacity to be lower. MENA, Sub Saharan Africa, and North America are the three regions where we can expect the market to mature the fastest, as respondents believe the overall capacity is significant enough to enable the opportunity to grow.
Respondents with mid-level management responsibilities are more positive towards the overall capacities to pursue this opportunity than C-level management, which is different from most of the other opportunities.

Opportunity Business Case

In North America, leaders see a strong business case in this market opportunity, believing it will have a positive impact on business. Business leaders in Europe are also ready to pursue it, while business leaders in China see a weaker business case in this market opportunity.

Sector Impact

The “other” business sector is the group that assessed this opportunity to have the greatest ability to positively impact business sectors, while the service industry ranked this opportunity highest with respect to the likelihood of pursuing it.
The financial sector can be expected to actively advocate for the development of this market. From a regional perspective, business leaders in the MENA region will advocate most actively for this market.


Perceived benefits from pursuing this opportunity (x), and capacity to do so (y), World and geographic regions. Scale goes from -10 to +10.



Across geographic regions. Scale goes from -10 to +10.


Across business sectors regions. Scale goes from -10 to +10.

Learn more about the Global Opportunity Report 2017

Learn more

Download the full Global Opportunity 2017 Report here!

Download the report


General Enquiries

Press Information

  • For press information, please see our: Press page


  • Sign up here to receive the monthly newsletter from the Global Opportunity Network
© 2013 - 2018 - DNV GL, Veritasveien 1, 1363 Høvik, Norway