Applying Basic Gamification Techniques to IT Compliance Training: Evidence from the Lab and Field
38 Pages Posted: 1 Nov 2014 Last revised: 22 Oct 2015
Date Written: October 21, 2015
Abstract
Companies depend on strong internal controls to protect the integrity of accounting information systems. IT security and data privacy training are critical controls to safeguarding company information. However, employees often dislike the training, which can cause a lack of attention to and poor understanding of training concepts, leading to less effective internal controls. To improve the training experience, companies are implementing principles of games into employee training modules; a practice known as gamification. Using a laboratory experiment of data privacy training and a field study involving a publicly-traded bank’s rollout of IT security training, we test whether a training environment with basic gamification elements results in greater trainee satisfaction and knowledge acquisition than traditional, non-gamified training. We find basic gamification results in much higher satisfaction levels in the lab and field, but only marginally significant improvements in learning. Furthermore, these learning improvements are quite small (e.g., 1 to 3 percent). Finally, we find that “gamers” (i.e., those who participate in gaming on their own time) gain more knowledge from gamified training than “non-gamers,” even though gamers are less satisfied with gamified training.
Keywords: Gamification, information security, data privacy, compliance training
JEL Classification: M4, M40, M41, M49, J31, M53
Suggested Citation: Suggested Citation