A health insurance company contacted me in 2023: "My 1,200 employees pass the phishing module every year. 100% validate it. And 28% still click on my biannual simulations."We deployed a "phishing or not?" card game distributed in all services. Bi-monthly, 15 minutes in team. Six months after: 13% clicks instead of 28%. Awareness had turned into reflex.
An effective cybersecurity awareness game targets reflexes rather than knowledge: recognize a phishing in 5 seconds, identify a suspicious request, know who to contact in case of doubt. Here are the 3 formats that work (phishing-or-pas cards, game plateau attacks-defenses, escape game cyber-incident) and the method of co-design with RSSI.
Raising awareness of all collaborating profiles
A cybersecurity awareness game for employees The challenge is to design a universally accessible format, which does not imply prior technical knowledge or IT vocabulary. Concepts must be explained in business language, illustrated by common business situations (receipt of suspicious email, sharing of password, loss of telephone).
This accessibility does not sacrifice anything to cyber rigor: the best practices transmitted are validated by the RSSI and aligned with the ANSSI recommendations.
Accessible and deployable formats
Three formats are effective for a cybersecurity awareness game for employeesThe "real or fake cyber" card game: 60 affirmation cards, to be classified as teams, duration 30 minutes. The giant wall quiz: large format displayed in break room or cafeteria, played by tour throughout the month. The board "day of a collaborator": 4 to 8 players go through a typical day with choice of behavior at each stage.
For multi-site deployments with animation autonomy, the cards and the wall quiz are the most suitable. For in-depth manager workshops, the board is preferable.
Priority content
The content of a cybersecurity awareness game for employees covers the 8 priority themes ANSSI for the general public: recognize phishing by email, create and manage passwords, use multifactor authentication, secure telework and public wifi, manage removable media (USB, disks), protect personal and professional data, report an incident, understand social engineering.
Craft Your Games works with cyber experts to validate content. Our form specifies your priority themes and your level of cyber maturity.
3 mistakes to avoid
- Too technical vocabulary : an awareness game all profiles must be readable by an accountant as by a dev.
- No update : phishing techniques are evolving. Provide for an annual review of content.
- No connection to internal tools : integrate your real tools (password manager, MFA, incident reporting) creates the immediate connection to the daily.
Have a custom game project?
Design, manufacturing, delivery turnkey. Detailed quote within 48 hours, free and no commitment.
Request a quote in 48hCosts and MOQ : what we don't tell you in the initial quote
The initial quote for a project cybersecurity awareness game collaborators almost always hides three variables that tilt the final budget. First variable: the actual MOQ per component. A manufacturer can display an overall MOQ, but impose distinct minimums per sub-element (specific cards, soft-touch lamination, printed wooden tokens). The quote announced in overall MOQ is therefore rarely the actual quote on arrival - hence the importance of requiring a breakdown by component to assess the consistency of the costing.
Second variable: the cost of tooling dies and plates. For an offset series, the plates represent an initial investment amortized over the quantity. On small series, this tooling cost is mechanically heavier per unit - which can transform the perception of the displayed unit price. Any serious quote distinguishes the material cost, the tool cost and the labor cost. If your quote shows a single unit price without breakdown, ask for it systematically.
Third variable: post-production logistics cost. Individual cellophane, placed in master carton, palletizing, labeling, multi-site transport, insurance: these lines are regularly forgotten in the first costing. For B2B projects delivered on several French sites (typical scenario of a large group distributing its cybersecurity awareness game collaborators to several regional branches), require a costed logistics simulation before signing. This precaution avoids the surprise of a final invoice higher than expected.
On the MOQ side, several economic levels structure the market: a small volume for a test project (high unit cost but controlled investment), an intermediate volume for an initial deployment (declining unit cost), a large volume for a large deployment (optimized cost), a very large volume for a multi-year strategic project (floor cost). Choosing the right level involves balancing commercial risk and economies of scale - the classic error is to aim between two levels and pay the unit cost of a small series without benefiting from a real economy of scale. For a quote tailored to your real needs, our team will get back to you within 48 hours.
The 5 classic traps to avoid on a cybersecurity awareness game project
Of the hundreds of projects cybersecurity awareness game collaborators that we have supported since 2018, five errors recur more often than the others. Identifying them allows you to save several weeks on the project schedule and better control the budget. Here is the list, in order of observed frequency.
Pitfall #1: briefing the manufacturer too early. Before contacting the manufacturer, four internal decisions must be made: precise target audience, context of use (meeting, trade show, kit sent), expected behavior, internal validation circuit. Without these four decisions, any quote is arbitrary - therefore useless. This error systematically generates several commercial round trips and several lost calendar weeks.
Trap #2: underestimate the internal validation time. The period announced by the manufacturer generally starts after validation of the Good to Shoot. However, the validation of the BAT (Good to Print, validation before printing) often takes more time than expected on the client side: back and forth graphics, legal validation for packaging, internal compliance verification. Anticipate this validation time in your back-planning.
Trap #3: not testing the prototype in real conditions. A prototype validated "in the office" can reveal critical defects in use conditions (room light, attention span, multi-player context). A structured test session with testers representative of the final public reveals the majority of critical defects before series production.
Trap #4: neglecting the post-manufacturing phase. Packaging, kitting, storage, split shipping: these steps represent a significant portion of the total budget but are often forgotten in the first estimates. Frame them from the initial brief to avoid unpleasant surprises at the time of delivery.
Trap #5: underinvesting in the creative brief. A creative briefing rich in visual references and textual details massively reduces the number of back and forths in the model phase. A vague brief mechanically generates significant readjustment costs and a schedule that slips. Invest time in the brief before launching manufacturing - this is the best ROI on a project. cybersecurity awareness game collaborators. (learn more about our see the creator's guide)
Sources and references
- INSEE — French games & toys market studies 2025
- European standard EN71 — toy safety (EN71-1 mechanical, EN71-2 flammability, EN71-3 chemical)
- FFJP — French federation of toy and childcare industries
- AFNOR — responsible paper labels PEFC and FSC
- Bpifrance study — SMEs and B2B purchasing 2026
If you are planning a project on this subject, we manufacture in the EU with EN71 compliance, vegetable inks and responsible paper certifications. Estimated quote within 48 hours.
Request a quote