University of Bath business simulation game helps entrepreneurs tackle cybersecurity issues

'Threats and Trade-offs' game encompasses digital security, business development and teambuilding.

Press release
Published on Friday 28 February 2025
Last updated on Friday 28 February 2025
View more announcements in Communications

A photo of a person holding a mobile phone with a warning of a cyber attack — Learning how to navigate the perils of cybersecurity

Researchers at the University of Bath School of Management have developed a business simulation game to help companies navigate the perils posed by cybersecurity issues and to learn about their team members’ attitude to decision-making, risk and reward.

Threats and Trade-offs is a free table-top boardgame and online game which puts players in the board room of a healthcare technology start-up. The challenge is to develop an innovative digital technology, grow the business and customer base, maintain customer and employee satisfaction – and not fall foul of cybersecurity threats.

Businesses can access the various versions of the game here and can learn more about how to use the game by emailing threatstradeoffs@bath.ac.uk.

“Gaming is a serious business – the military have long used games to plan campaigns and test scenarios for example – and the same principles can be applied to business development and risk management. It is an effective way to learn and expand thinking,” says Dr Oishee Kundu, one of the team behind Threats and Trade-offs.

“Watching people play a game is an excellent way to find out what their risk-taking behaviour is like. How do people react in an imaginary scenario? You can ask whether you would do the same in real life – this is invaluable in business and for understanding your teams,” she says.

Kundu and the project’s principal investigator Dr Joanna Syrda are part of the Discribe Hub+, which brings together experts from the Universities of Bath, Bristol and Cardiff, and Royal Holloway, University of London to examine how to build a safe digital future amidst the rising threat from cybersecurity issues.

Statistics from the UK government's Department for Science, Innovation & Technology from 2024 show approximately half of all UK businesses experienced a cybersecurity breach or attack in the previous 12 months. The likelihood of this grew along with the size of the business. Despite this, only 51% of the businesses surveyed had taken measures such as risk assessments, staff training or use of security monitoring tools.

“Depending on your background the game has several value propositions. We have successfully used it with business and management students, as well as with computer science students! But we would like to offer the game to businesses to help them grow safely in the digital era. So far we have received very positive feedback from the community,” Dr Syrda says.

Rebecca Keen, Director at OxCyber, which connects cybersecurity industry professionals, cyber talent, local SMEs, and startups, and was involved in the gaming workshops, said: “Threats and Trade-offs is an excellent and engaging way to bring cybersecurity to life for entrepreneurs. The game strikes a perfect balance between digital security, business strategy, and teamwork, making it accessible and valuable for all levels of cyber experience. A fantastic initiative from the University of Bath!”

Dr Syrda said she hoped the game would focus entrepreneurs’ minds on the issue of cybersecurity and make it central to their decision-making as they grapple with competing interests and demands on how to develop and sustain their business. It also offers the researchers valuable insights into human behaviour when assessing such risks.

“It will make players think: where does cybersecurity sit in the decision-making process? Where should it sit tomorrow? Cyber attacks damage your reputation and your balance sheet. These can be mitigated with a range of countermeasures, provided you invest in them at the right time,” Dr Syrda says.

“We know these decisions are not made in a vacuum: any company is balancing a lot of competing interests, and budgets and resources are finite – this game simulates that pressure and, we hope, generates new thinking,” she adds.

Dr Syrda said the researchers had observed some typical mistakes by players that were common in real-life cybersecurity breaches.

“We’ve already noticed that some players, when faced with a limited cash pot, as in real life fall victim to the temptation of not spending money on upskilling staff about the dangers of phishing attacks or purchasing multi-factor authentication until an attack has already occurred. The game punishes them with reputational damage and loss of customers! It’s all about learning by doing,” Dr Syrda says.

Media enquiries

Press Office press@bath.ac.uk +44 (0)1225 386319

Media Centre

Find information for journalists, bloggers and online commentators