Cyber Escape Room

Your expert for questions

Thorsten Lembeck

Thorsten Lembeck
Manager bei PwC Germany

Strengthening your human firewall

Cyber attacks are one of the greatest challenges faced by companies and annual costs for cyber security could increase to as much as US$ 90 billion by 2030. Cyber security encompasses much more than just technology. This is because attacks can be traced back to human error in more than 30% of security incidents. It is therefore all the more important to increase awareness among employees about the dangers of cyber attacks – and that's exactly where the Cyber Escape Room developed by PwC comes into play.

The most common causes of human error:

  • Employees have little or no interest in IT security.
  • Employees unwittingly pass on sensitive data.
  • Systems are incorrectly configured and this results in reputational damage.
  • Companies do not set enough requirements for users in relation to cyber security.
  • Social engineering attacks are becoming increasingly widespread and employees fall for them.

Supervisory authorities have also singled out the human factor as a risk to cyber security and are increasing their focus on compliance with awareness-raising requirements. Companies can address this risk by providing the appropriate training and further education.

Cyber Escape Room

Our Security Awareness Program

PwC has developed its comprehensive Security Awareness Program to increase employee awareness about the dangers of cyber attacks. One component of this program is the Cyber Escape Room developed by PwC Germany. By allowing their IT employees to experience realistic scenarios, companies can spark greater interest in this topic and communicate complex information using a game-based approach. The Cyber Escape Room helps to reduce security incidents by strengthening awareness among employees. A major factor for success here is the excitement of a simulation that applies gamification techniques.

"In a business environment where cyber attacks are only a question of time, it is vital to be prepared."

Achim Schäfer,Partner Cyber Security & Privacy

You can see a short preview of the Cyber Escape Room in our video.

Overview of the Cyber Escape Room

What is the Cyber Escape Room? The idea

  • The idea for the Cyber Escape Room is based on live escape rooms where a small group of people must work together to find a way out of a real-life room.
  • The group has to escape confinement within a set time limit with the assistance of hidden clues.
  • In the case of the Cyber Escape Room, the participants are placed into a virtual environment, the cyber room.
  • They then have to solve puzzles that build upon each other before time runs out.

What is it about? The story

  • Based around the familiar structure of a triangular affair, the cyber security simulation exemplifies how cyber criminals combine insider knowledge and criminal resources with modern hacking strategies in order to exploit security weaknesses in a targeted manner.
  • In this specific case, a disgruntled former employee who is in prison orchestrates a cyber attack on his ex-employer, an inconspicuous bank with elite clientèle.
  • The aim of the attack is to empty the account of the managing director.

What do the participants have to do?

  • In the simulation, the participants help the hacker successfully carry out the cyber attack on the bank.
  • They slip into the role of hackers and, within a safe environment, carry out the most important forms of cyber attack themselves.
  • In doing so, they become familiar with current hacking methods such as SQL injections, brute force attacks and cross-site scripting (XSS) in a playful manner.

How does the simulation work?

  • The Cyber Escape Room is suitable for a group of 10 to 20 participants.
  • No installation is required. The Cyber Escape Room can be accessed using laptops provided by us and an on-site WiFi connection or, alternatively, via a cloud VM.
  • Participants don't need to have any detailed knowledge about IT security.
  • The simulation is realistic and has various indicators that provide assistance and measure progress.
  • The Cyber Escape Room demonstrates interconnected weaknesses with varying degrees of difficulty.
  • An in-depth simulation of the Internet, including search engines and Wikipedia, is also provided.

What is the added value?

  • The Cyber Escape Room uses storytelling to generate greater participant motivation and strengthen engagement with the topic.
  • The participants develop long-term security awareness while gaining knowledge and understanding about common hacking methods in a playful manner.
  • The number of security incidents at companies will decrease as a result of greater awareness among employees.

“The Cyber Escape Room is an exciting simulation for IT employees. Using this game-based approach, it is possible to increase consciousness about the risks that exist in cyberspace.”

Achim Schäfer,Partner Cyber Security & Privacy

Facts and figures


Events per year.


Participants from ten different countries.


Average customer satisfaction.

1,400 hours

Development time in the period from March 2018 to February 2019.

What the participants say

We surveyed participants from the widest possible range of organizations about their experiences in the Cyber Escape Room.

"I enjoyed how we developed and applied knowledge independently. The tasks were doable for a 'layperson' but participants still had to assist each other."

Employee of a MDAX company

"The level of detail in the simulation was impressive. It was great that SQL and brute force were also included. We had previously heard of them, but had never worked on them before. This meant that we could get an impression of how an attack might proceed in reality."


"The Cyber Escape Room provides a good overview of common hacking methods and concepts."

Employee of a MDAX company

"Great story! Not too difficult and also not too frustrating – a good learning experience!"


"The event organizers offer a good measure of assistance while simultaneously providing plenty of space for trying things out."

Employee of a central bank

"Good specialist assistance, exciting topic, pleasant group size and high-quality training materials – a great event overall."

Founder of a start-up

IT Security Newsletter

The Newsletter IT Security & Data Protection News provides you with regular updates on the latest changes and developments in IT security and data protection.

Learn more

Contact us

Thorsten Lembeck

Thorsten Lembeck

Manager, PwC Germany

Follow us