ABSTRACT
Purpose>Computer games that teach cybersecurity concepts have been developed to help both individuals and organizations shore up their defence against cybercrimes. Evidence of the effectiveness of these games has been rather weak, however. This paper aims to guide the design and testing of more effective cybersecurity educational games by developing a theoretical framework.Design/methodology/approach>A review of the literature is conducted to explore the dependent variable of this research stream, learning outcomes and its relationship with four independent variables, game characteristics, game context, learning theory and user characteristics.Findings>The dependent variable can be measured by five learning outcomes: information, content, strategic knowledge, eagerness to learn/time spent and behavioral change. Game characteristics refer to features that contribute to a game’s usefulness, interactivity, playfulness or attractiveness. Game context pertains to factors that determine how a game is used, including the target audience, the skill involved and the story. Learning theory explains how learning takes place and can be classified as behaviorism, cognitivism, humanism, social learning or constructivism. User characteristics including gender, age, computer experience, knowledge and perception, are attributes that can impact users’ susceptibility to cybercrimes and hence learning outcomes.Originality/value>The framework facilitates taking stock of past research and guiding future research. The use of the framework is illustrated in a critique of two research streams. Multiple research directions are discussed for continued research into the design and testing of next-generation cybersecurity computer games.