It is increasingly recognised that an organisation’s people have a key role to play in an effective cyber security strategy, with many of the most basic attacks being avoidable if existing policies and procedures are followed. 1
However, reducing the risks or vulnerabilities created by your people is not simply about increasing rules and restrictions (which can have a detrimental effect). Instead, developing an effective security culture depends on raising the levels of awareness and understanding of the cyber risk and embedding ‘security-aware’ values and behaviours across your organisation.
Demonstrating the link between technical measures, organisational measures and employee behaviours, both during and outside working hours, can significantly improve the development of a secure working environment. PA’s ‘Serious Gaming’ for cyber security provides a quick, effective and collaborative way to create awareness and change in employees’ attitude and behaviour.
Our cyber security game focuses on the assets and threats that are most relevant for your organisation. We develop compelling storylines that make players think carefully about the right response to different situations and to consider the trade-offs between decisions. We then translate insights generated through the game into a clear set of actions for improving security in your organisation. Our approach offers:
Exploration: by replaying a specific situation, participants can reach an agreed constructive solution
Awareness: by experiencing how a situation can change, stakeholders can see what impact their actions have
Behavioural change: by experiencing and reflecting on a situation, people become aware of their behaviour, and have the opportunity to replay with different (more desirable) behaviour
Training: by playing a game in a safe environment, participants can safely make mistakes, experiment and learn by doing.
1 2012 Data Breach Investigation Report, Verizon