In today’s digital landscape, cyber security gamification is emerging as a powerful tool to address the growing challenges of enterprise security—especially within government institutions like the Government of Canada. As policy makers and digital teams work to protect sensitive systems and data, traditional approaches to cybersecurity often fall short due to limited public understanding and engagement. Many individuals underestimate their exposure to threats or find security protocols unrelatable. Through thoughtful product design and civic design strategies, gamification introduces a more engaging and effective way to build awareness and shape behavior around cyber risk.
Background and Context
The Office of the Chief Information Security Officer (CISO) at Public Services and Procurement Canada (PSPC) plays a critical role in safeguarding government digital infrastructure and enterprise security. However, promoting cybersecurity awareness across departments proved challenging. While employees acknowledged its importance, the topic often felt abstract and inaccessible, limiting engagement and retention. To address this, PSPC turned to service design—leveraging principles of Design Thinking and civic design to find a solution that would enhance employee engagement, strengthen PSPC’s security posture, and create an interactive, policy-aligned experience that made security practices more approachable, memorable, and actionable.
Challenges
1. Limited Capacity and Cross-Disciplinary Expertise
The Cybersecurity Directorate was composed of a small, highly specialized team with deep technical knowledge but limited experience in solutions design, user research, and product delivery—skills critical for developing an engaging, human-centered awareness tool.
2. Absence of a Research or Validation Framework
While a cybersecurity audit had surfaced concerns about the organization’s security posture, PSPC lacked an established internal process for investigating root causes or validating assumptions through evidence-based methods like user research, behavioral insights, or usability testing.
3. Budget Constraints for Design-Led Innovation
With no precedent for investing in design or digital product development within the cybersecurity portfolio, the available budget for a technology-enabled solution—especially one involving service design or cyber security gamification—was limited and required strategic prioritization.
4. Organizational Resistance to Non-Traditional Approaches
Introducing product design, gamification, and civic design methods within a policy-driven, risk-averse environment posed challenges in gaining early buy-in and aligning stakeholders around a more experimental, user-centered path forward.
5. Translating Policy into Engaging User Experiences
Bridging the gap between complex security policy and everyday staff behavior required translating abstract requirements into intuitive, engaging, and contextually relevant product experiences—a task that demanded careful alignment across policy, design, and communications.
Solution
Our initial user research gave us insights into a range of possible solutions that could contribute to a more cyber-safe environment. We worked with the client to define a strategy, scope, and roadmap that enabled them to achieve their objectives, resulting in:
1. Employee-Centered Service Blueprint
To guide strategic decision-making, we created a comprehensive service blueprint that mapped the existing cybersecurity awareness ecosystem. This visual framework helped the Cybersecurity Directorate identify pain points, gaps, and high-impact opportunities for intervention and innovation.
2. Gamification of Cybersecurity Awareness
We introduced a cyber security gamification strategy designed to increase employee engagement and learning retention. This included a detailed roadmap aligned with PSPC’s service model, performance indicators, and the development of SpyQuest—a custom game experience that made cybersecurity learning interactive and rewarding.
3. Human-Centered Product Design and Delivery
Our multidisciplinary team applied product design and civic design principles to create an intuitive, engaging, and policy-aligned digital experience. The result was a fully functional, award-winning game launched in October 2024, tailored to both organizational goals and user needs.
4. Cross-Functional Collaboration and Capacity Building
We worked closely with internal teams to foster knowledge transfer and build internal capacity, introducing design thinking and agile delivery methods that could be scaled or reused for future security and policy-driven initiatives.
5. Impact-Driven Implementation Strategy
To ensure the solution delivered real value, we embedded clear success measures—also known as Key Performance Indicators (KPIs)—into the product roadmap. These metrics helped track employee engagement, learning outcomes, and alignment with enterprise security goals, while also informing future improvements.
“SpyQuest is a game-changer—literally! Design Centered Co. nailed it, creating a product that not only will boosts cyber-safe behaviors in the federal Canadian public service but will also make learning enjoyable. Their attention to detail and user experience was outstanding.”
– Ulrich Dorig, Manager, Government of Canada
Benefits and Outcomes
1. Higher Engagement in Cybersecurity Learning
By applying game theory and cyber security gamification, we significantly increased employee participation in security training. The interactive format encouraged behaviors aligned with the Cybersecurity Directorate’s goals—fostering a more engaged, cyber-aware workplace culture.
2. New Capabilities in Digital Product Delivery
Through collaboration and capacity-building, PSPC was able to demonstrate its ability to deliver user-centered, tech-enabled solutions. This marked a shift in how the department approaches innovation and product design within public administration.
3. Increased Funding Through Digital Transformation
The successful delivery of this project helped PSPC showcase measurable outcomes and innovation potential, directly contributing to new funding opportunities for future digital transformation and enterprise security initiatives.
4. Ongoing User Feedback and Iteration
We introduced a structured feedback loop and product management approach, enabling the client to continuously gather insights from employees and adapt the solution to better meet evolving needs—ensuring long-term relevance and effectiveness.
5. Model for Civic Design in Government
The project served as a successful example of applying civic design and human-centered practices in a policy-driven environment, creating a replicable model for other departments aiming to improve public sector engagement and behavior change.
Ready to lead digital transformation with clarity and impact?
Contact Us to explore how our expertise in product design, strategy, and human-centered innovation can help your team navigate complexity and drive meaningful change. In today’s fast-moving landscape, success isn’t about having the most resources—it’s about turning human insight into action through thoughtful, purpose-driven design.
