Companies depend on internal control to protect the integrity of information systems. IT security and data privacy training are critical controls for safeguarding company information. Employees often dislike the training, however, which can cause a lack of attention to, and poor understanding of, training concepts leading to less effective internal control. To improve the training experience, companies are implementing principles of games in employee training modules, a practice known as gamification. Utilizing a laboratory experiment on data privacy training and a field study involving IT security training for employees of a bank, we test whether a training environment with basic gamification elements results in greater trainee satisfaction and knowledge acquisition than traditional, non-gamified training. We find basic gamification results in higher satisfaction levels in the lab and field, but only marginally significant improvements in learning. Furthermore, these learning improvements are quite small (e.g., 1 to 3 percent). Finally, we find that “gamers” (i.e., those who participate in gaming on their own time) gain more knowledge from gamified training than “non-gamers,” although gamers are less satisfied with gamified training.
Data Availability: Please contact the authors.