top of page

Gamifying Human Risk: KnowBe4 Launches Arcade-Themed Toolkit for Cybersecurity Awareness Month

Every October, cybersecurity vendors, governments, and enterprises rally around Cybersecurity Awareness Month—a tradition that began in 2004 when the U.S. Department of Homeland Security and the National Cyber Security Alliance teamed up to make digital hygiene a national priority. Two decades later, the stakes are far higher, and KnowBe4 is betting that nostalgia and gamification can help drive home the basics of human risk management.


The security training giant unveiled its free Cybersecurity Awareness Month 2025 kit this week, aligning with this year’s theme, “Secure Our World.” The resources are designed to help companies translate technical risks into relatable, approachable lessons for their employees—often the weakest, yet most critical, link in the security chain.


“Every October, we have this incredible opportunity to reset and refocus on what really matters in cybersecurity – human risk management,” said Erich Kron, security awareness advocate at KnowBe4. “This comprehensive resource kit empowers organizations to build genuine security culture where employees understand not just what to do, but why it matters. When we empower employees with knowledge, we are not just protecting data – we are helping to ‘Secure Our World.’”


From Arcade Villains to AI Phishing


At the heart of the kit is a retro, arcade-inspired campaign that reimagines threats as 8-bit villains—turning phishers, malware operators, and scam artists into pixelated adversaries employees can “battle.” Supporting materials include:


  • Character cards featuring four “Arcade Villains” to make abstract risks more tangible.


  • Training modules, such as Insights From a Hacker and AI, Phishing, and Cybersafety, offered in up to 36 languages.


  • Posters and digital signage for offices and remote teams.


  • A Weekly Planner to structure activities across the month.


It’s a sharp pivot away from the dry compliance modules that many employees have learned to tune out. By framing cybersecurity basics—like enabling phishing-resistant MFA, reporting suspicious emails, and updating software—as interactive challenges, KnowBe4 hopes to make the lessons stick.


The Human Risk Equation


The push comes amid an increasingly urgent reality: organizations can spend millions on next-gen firewalls and AI-driven detection systems, but a single employee clicking a phishing link can still unravel those defenses. Forrester recently reported that nearly three-quarters of breaches involve some element of human error.


KnowBe4’s broader Human Risk Management platform already aims to close that gap by layering training, phishing simulations, email defenses, and AI-powered coaching. But the October initiative is about visibility—giving CISOs a ready-made playbook to put cybersecurity culture in the spotlight for four weeks.


Why It Matters


As attackers weaponize generative AI for deepfakes and hyper-personalized scams, the definition of “awareness” is expanding. Training employees to spot spelling mistakes in phishing emails is no longer enough; organizations need to instill habits and reflexes that adapt to a constantly shifting threat landscape.


That’s the challenge KnowBe4 is positioning itself to solve. With 70,000 customers worldwide, the company is framing October not just as a compliance box to check, but as an annual reset button—a cultural moment to remind workforces that security is as much about people as it is about tech.


The kit is available now, free of charge, as companies prepare to mark Cybersecurity Awareness Month. Whether arcade villains can help transform the “human layer” from the weakest link into a resilient first line of defense will be a question many CISOs will be eager to test.

bottom of page