Recommendations for cybersecurity awareness for the South African local government using a gamification approach

Abstract

Although most cases of cybersecurity challenges are reported by large private organisations, it should be noted that public organisations are not immune. For example, in recent years, several government departments have experienced cyber-attacks and threats. The latter created a cybersecurity risk that needed to be addressed. The main aim of this study was to make recommendations for cybersecurity awareness using gamification approach for South African local government. This study was guided by three theoretical frameworks: (i) Cybersecurity Frameworks (CSF), (ii) Line-of-Defence (LoD), and (iii) Gamification. To achieve the main aim, several objectives (subdivided into primary and secondary) were put into place. Due to the nature of this study, an action research case study research methodology with a focus on local government was adopted. It was implemented using structured methods for data collection, analysis (drawing patterns), and development of recommendations. In this regard, the researcher conducted a literature review using different techniques, field research, and a qualitative interpretation case study approach. Action research was carried out using three phases. In the first phase of this study, the contextualisation and interaction process was used through a systematic literature review (SLR) aimed at exploring existing cybersecurity strategies and frameworks related to local governments. Furthermore, a selection of an appropriate game tool was made to promote gamification by collecting rich contextual data during game play to improve awareness of cybersecurity in the local government was conducted. The second phase, ‘Abstract and Reasoning’, focuses on critically assessing the selection of appropriate research methods to understand the unique cybersecurity challenges facing local governments. The objective of this phase was to develop a theoretical view of how local government employees perceive and react to cybersecurity threats and to formulate literature recommendations for gamification awareness. In this regard, a brief survey using questionnaires was conducted. III The third phase, ‘Multiple Interpretations and Suspicions’, allowed local government employees to formulate focus groups that were exposed to different experimental processes. In this regard, semi-structured interviews were used as a form of collecting employee knowledge, perception, and adoptability of the cybersecurity strategy using gamifications. The quality data from the focus group meetings was analysed and synthesised to produce recommendations. In this regard, content analysis was used to extract meaningful patterns and insights that were used. Furthermore, semi-structured interviews were used to validate the draft recommendations which were also compared to literature. Results indicated that gamification significantly improves engagement and retention of cybersecurity practices. Employees exposed to game-based learning demonstrated higher motivation and adaptability, suggesting that gamification can effectively bridge the gap between theory and practice. This study recommended integrating gamified modules into existing cybersecurity programmes, developing localised framework aligned with national standards, and implementing continuous monitoring and feedback. Policy support and resource allocation are essential for sustainability. This research was limited to a single local government, which may affect generalisability. Future studies should include multiple local governments and examine the long-term impact of gamification-based training.