Abstract Cybersecurity education plays a vital role in preparing individuals to navigate digital environments safely. In recent years, gamification and serious games have emerged as innovative methods to improve engagement, motivation, and learning outcomes in cybersecurity awareness education. This scoping review investigates the development and evaluation of gamification and serious games-based methods for cybersecurity awareness teaching. A systematic search was conducted across three major academic databases-IEEE Xplore, ACM Digital Library, and SpringerLink-for studies published between 2018 and 2024, resulting in the inclusion of 230 primary studies. The review addresses two main research questions: the current state of development in game-based cybersecurity education methods and how their effectiveness and performance are evaluated. The findings highlight a diverse range of tools and approaches, with most targeting industry professionals and undergraduate students, while also noting emerging efforts directed toward children and the general public. A key contribution of this review is the evaluation of an existing taxonomy for cybersecurity educational games, which was successfully applied to 57 different games of varied types and audiences. Lastly, the review outlines important implications for both researchers and educators. It advocates for the integration of standardized testing, control group comparisons, and mixed-method evaluations, such as including post-experiment surveys and interviews, to improve the reliability and depth of assessments. These recommendations aim to enhance the design and evaluation of game-based approaches in cybersecurity awareness education and inform future research in the field.
Weeratunge et al. (Sat,) studied this question.