Cybercriminals don’t just target systems, they target people. Nearly 95% of cyber incidents stem from preventable human error, according to Mimecast’s State of Human Risk Report, making untrained employees the weakest link in any organization’s defense.
Gamified learning is emerging as a game-changing approach, replacing routine compliance drills with story-driven challenges based on real-world scenarios. This active learning method leverages how people naturally learn and forms lasting habits, building a “human firewall” prepared to counter increasingly complex cyber threats.
To help organizations proactively defend themselves, global cybersecurity leader ESET has launched its Cybersecurity Awareness Training platform. This online program goes beyond gamification, immersing employees in real cybersecurity challenges that blend incentives with hands-on gameplay to sharpen critical skills protecting digital assets.
“As the training progresses, they step into the role of junior cybersecurity detectives, earning points by tackling mini-games and navigating cybercrime-themed scenarios they could encounter in real life,” said Steve Flynn, Chief Commercial Officer at ESET Southern Africa, during a cybersecurity media awareness webinar on September 16. “Along the way, rewards reinforce learning, boost retention, and build the practical skills needed to sidestep the everyday mistakes cybercriminals count on.”
Phishing remains the top cyber threat in South Africa, comprising 52% of attacks, according to ESET’s latest Threat Report. Major breaches this year include a business email compromise at SABC, and crippling phishing attacks on the South African Weather Service that disrupted aviation, marine operations, and communications. These breaches were not due to technical flaws but human error—staff caught off guard by convincing, malicious emails, underscoring the frontline role employees play in cybersecurity.
“Without a well-trained and engaged workforce, even the best systems can fail. Real behavioural change and a true shift towards a cyber-aware culture takes practice, and plenty of it,” said Flynn. “That’s where the ESET Cybersecurity Awareness Training phishing simulator steps in. By offering realistic tests with regularly updated templates, it sharpens an employee’s awareness and instincts – so that when a real phishing threat comes knocking, they’re not just prepared – they’re ready to strike back.”
According to Interpol’s June Africa Cyberthreat Assessment Report, cybercrime accounts for more than 30 per cent of all reported crime in Western and Eastern Africa. Online scams, ransomware, business email compromise and digital sextortion are the most reported cyberthreats, with 90 per cent of African countries report needing ‘significant improvement’ in law enforcement or prosecution capacity.
“Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa. It directly concerns the digital sovereignty of states, the resilience of our institutions, citizen trust and the proper functioning of our economies,” said Jalel Chelba, Acting Executive Director of AFRIPOL.
Africa lost $3 billion to cybercrime between 2019 and 2025, with specific figures for 2025 still emerging, though the trend shows a significant and escalating cyber threat across the continent. Interpol has highlighted that over two-thirds of member states view cybercrime as a “medium” to “high” share of offenses.
As cyberattacks grow more sophisticated, the cost of human error is rising. “Historically, the challenge hasn’t been a lack of education, but a lack of engagement,” said Flynn. “Too often, cybersecurity is treated like a formality – leaving organisations exposed and employees checked out. Meanwhile, cybercriminals relentlessly exploit human error at every turn. That’s why shifting the focus from awareness to action is vital. One reused password or a careless click on a suspicious link can have devastating consequences.”
Prevention remains the best defense: reducing attack surfaces, simplifying complexity, and putting people at the center of cybersecurity. By empowering employees to turn knowledge into action, gamified training is transforming a long-standing vulnerability into an organization’s strongest defense line.