Comparison of the Efficacy of Capture The Flag (CTF) in Gamified Cybersecurity Training in Corporate Workforce

Abdikani Osman Abdalla; Mohamad Fadli Zolkipli

Ambrosio, J., Burghardt, M. D., & Hecht, D. (2021). Authentic Engineering Design Assessment. 2021 ASEE Virtual Annual Conference Content Access Proceedings, 36735. https://doi.org/10.18260/1-2--36735
Amjad, K., Ishaq, K., Nawaz, N. A., Rosdi, F., Dogar, A. B., & Khan, F. A. (2025). Unlocking Cybersecurity: A Game‐Changing Framework for Training and Awareness—A Systematic Review. Human Behavior and Emerging Technologies, 2025(1), 9982666. https://doi.org/10.1155/hbe2/9982666
Arduin, P.-E., & Costé, B. (2026). Learning to Hack, Playing to Learn: Gamification in Cybersecurity Courses. Journal of Cybersecurity and Privacy, 6(1), 16. https://doi.org/10.3390/jcp6010016
Cole, S. V. (2022). Impact of Capture The Flag (CTF)-style vs. Traditional Exercises in an Introductory Computer Security Class. Proceedings of the 27th ACM Conference on on Innovation and Technology in Computer Science Education Vol. 1, 470–476. https://doi.org/10.1145/3502718.3524806
Jean Tirstan T, Joy Gilbert A, & Nelmiawati Nelmiawati. (2022). Analysis of Cyber Security Knowledge and Skills for Capture the Flag Competition. JURNAL INTEGRASI, 14(1), 14–22. https://doi.org/10.30871/ji.v14i1.3986
Kaplan, Z., Zhang, N., & Cole, S. V. (2022). A Capture The Flag (CTF) Platform and Exercises for an Intro to Computer Security Class. Proceedings of the 27th ACM Conference on on Innovation and Technology in Computer Science Education Vol. 2, 597–598. https://doi.org/10.1145/3502717.3532153
Karagiannis, S., & Magkos, E. (2021). Adapting CTF challenges into virtual cybersecurity learning environments. Information & Computer Security, 29(1), 105–132. https://doi.org/10.1108/ICS-04-2019-0050
Khoo, L. J., Mohamad Yatim, M. H., & Wong, Y. S. (2025). Research on Capture the Flag Exercises for Cybersecurity Skill Training Among Malaysian Undergraduates. Journal of Human Centered Technology, 4(1), 1–9. https://doi.org/10.11113/humentech.v4n1.87
Okhae Joel Ojugo & Nse-obot Peter Afaha. (2025). Impact of AI-Enhanced Capture the Flag (CTF) competitions on student learning outcomes in cybersecurity training: A qualitative study. Open Access Research Journal of Engineering and Technology, 8(2), 073–080. https://doi.org/10.53022/oarjet.2025.8.2.0044
Pramod, D. (2025). Gamification in cybersecurity education; a state of the art review and research agenda. Journal of Applied Research in Higher Education, 17(4), 1162–1180. https://doi.org/10.1108/JARHE-02-2024-0072
Qolomany, B., Calay, T. J., Hossain, L., Mulahuwaish, A., & Bou Abdo, J. (2024). CCTFv2: Modeling Cyber Competitions. Entropy, 26(5), 384. https://doi.org/10.3390/e26050384
Razack, A. K. A., & Saad, M. F. M. (2024). Enhancing Cybersecurity Awareness through Gamification: Design an Interactive Cybersecurity Learning Platform for Multimedia University Students. Journal of Informatics and Web Engineering, 3(3), 21–40. https://doi.org/10.33093/jiwe.2024.3.3.2
Ridwan, A. St. K., Radiyah, U., Malik, M. I., Pattiroi, M. N., Fajri, N. U., & Amir, N. (2025). The Effectiveness of Capture The Flag as a Network Security Practical Intervention on Students’ Self-Efficacy and Learning Outcomes. Information Technology Education Journal, 811–824. https://doi.org/10.59562/intec.v4i4.11191
Schafeitel-Tähtinen, T., & Lazarov, W. (2025). Capture the Flag as a Learning Tool to Improve Cybersecurity Education. SEFI 53rd Annual Conference Proceedings (or Leave Blank If Not Specified). SEFI 53rd Annual Conference. https://doi.org/10.5281/ZENODO.17631277
Schafeitel‐Tähtinen, T., & Lazarov, W. (2025). Teaching and Learning Cybersecurity Using Capture the Flag: Effectiveness Comparison Between University Students in Finland and Czechia. Computer Applications in Engineering Education, 33(5), e70082. https://doi.org/10.1002/cae.70082
Singh, H. (2025). An Analysis on Data-Driven Capture the Flag (CTF) Platforms for Cybersecurity Education. International Journal for Research in Applied Science and Engineering Technology, 13(11), 380–389. https://doi.org/10.22214/ijraset.2025.75084
Taherdoost, H. (2024). Towards an Innovative Model for Cybersecurity Awareness Training. Information, 15(9), 512. https://doi.org/10.3390/info15090512
Tan, T., Abdullah, R. S., & Mas’ud, Z. (2025). Cybersecurity Education Using Gamification: Systematic Literature Review. International Journal of Academic Research in Business and Social Sciences, 15(10), Pages 743-760. https://doi.org/10.6007/IJARBSS/v15-i10/26583
Uluç, C., & Eyüpoğlu, C. (2025). Development of Capture the Flag Platform for Cyber Security Education. 18(1), 1–42. https://jast.hho.msu.edu.tr
Vineetha Harish, A., Tam, K., & Jones, K. (2025). Generating training events for building cyber-physical security skills. The Computer Journal, 68(5), 445–459. https://doi.org/10.1093/comjnl/bxae123
Williams, L., Anthi, E., Cherdantseva, Y., & Javed, A. (2024). Leveraging Gamification and Game-based Learning in Cybersecurity Education: Engaging and Inspiring Non-Cyber Students. Journal of The Colloquium for Information Systems Security Education, 11(1), 8. https://doi.org/10.53735/cisse.v11i1.186
Zola, F., Echeberria, X., Petisco, J., Vakakis, N., Voulgaridis, A., & Votis, K. (2024). KINAITICS: Enhancing Cybersecurity Education Using AI-Based Tools and Gamification. Proceedings of the 2024 16th International Conference on Education Technology and Computers, 138–147. https://doi.org/10.1145/3702163.3702183

Abstract viewed - 3 times
Pdf downloaded - 1 times

Affiliations

Abdikani Osman Abdalla
School of Computing, College of Art and Science, Universiti Utara Malaysia (UUM), 06010 Sintok, Kedah, MALAYSIA

Mohamad Fadli Zolkipli
School of Computing, College of Art and Science, Universiti Utara Malaysia (UUM), 06010 Sintok, Kedah, MALAYSIA

How to Cite

Abdalla, A., & Zolkipli, M. (2026). Comparison of the Efficacy of Capture The Flag (CTF) in Gamified Cybersecurity Training in Corporate Workforce. Borneo International Journal EISSN 2636-9826, 9(2), 16-22. Retrieved from http://majmuah.com/journal/index.php/bij/article/view/989

Content Top

Comparison of the Efficacy of Capture The Flag (CTF) in Gamified Cybersecurity Training in Corporate Workforce

Abdikani Osman Abdalla ,
Mohamad Fadli Zolkipli

Vol 9 No 2 (2026): June

Submitted: May 8, 2026

Published: Jun 4, 2026

Abstract

Gamified cybersecurity education techniques, especially Capture The Flag (CTF) games, have become a growing example of alternative to conventional compliance-based awareness initiatives in business settings. Although they have been increasingly popular, little has been studied on their long-term return on investment (ROI) in actual organizational contexts. In this paper, the impact of CTF-based training relative to traditional cybersecurity training is assessed based on such key performance indicators as knowledge retention, behavioural change, and financial outcomes. To synthesize the existing evidence on training effectiveness and ROI-related measures, a systematic review of 22 peer‑reviewed sources published within the period of 2021-2026 was developed. The results show that CTF based consistently outperforms, such as better knowledge retention, better engagement and reduced vulnerability to phishing attacks. Moreover, gamified training strategies show possible economic advantages in the form of a decrease in security attacks and a higher level of employee readiness. Longitudinal research in corporate sittings, however, is not abundant, especially where full-time employees are studied and the duration of evaluation is more than twelve months. To fill this gap, this paper suggests the use of a multidimensional ROI evaluation system that incorporates pre and post training evaluations, behavioural monitoring, incident monitoring and post training follow ups at 3, 6 and 12 months. The framework proposed provides a viable methodology that would assist the organizations to determine the success of the training conducted in CTF and enable them to make informed decisions concerning cybersecurity investment.

Affiliations

How to Cite

Download Citation

Comparison of the Efficacy of Capture The Flag (CTF) in Gamified Cybersecurity Training in Corporate Workforce

Abstract