All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
Dear Authors,
I am grateful for your responsiveness to the reviewers' comments. The paper is now suitable for publication following this final revision.
Best regards,
[# PeerJ Staff Note - this decision was reviewed and approved by Vicente Alarcon-Aquino, a 'PeerJ Computer Science' Section Editor covering this Section #]
authors have addressed the required major modification efficiently. There are some drafting notes must be considered before publishing as follows:
1- careful reading for repeated words and grammar, e.g. line 127, authors repeated the word "review".
2- line 364, authors used the operator "=" for the years 2021,2022,2023,2024, while they did not use the same operator for ranking other years.
'no comment'
'no comment'
'no comment'
Dear authors,
Thank you for the revision. While one reviewer has indicated that the revised paper meets the requisite research standards and can be published in this form, another reviewer has stated that the paper does not meet the necessary standards and cannot be accepted for publication. We therefore encourage you to address the concerns and criticisms of Reviewer 3 with respect to basic reporting, experimental design, and the validity of the findings. Once you have updated the article accordingly, we would be happy to consider a resubmission.
Best wishes,
After being checked, this research has been able to meet the standards that should be. The format has been tidied up so that it is in accordance with the standards that have been set
The methodology has met the standards and can be understood by readers.
Has met research standards
The research is good enough and can be published and meets research standards.
Despite authors addressed some of the previously provided comments, other comments have not yet been addressed.
- The paper need carful proofreading
o There are some typos, like line 395 the word “increaseffective”, line 231 “insights and advice”
o Some abbreviations have been mentioned before explaining its terms, ex. Line683 “Q-learning”, and SMEs line 656, which the full term was explained in line 665
-Although this field has been reviewed several times before, the paper attempts to focus on literature from 2015 to 2024 using specific selection criteria for adaptive gamification-based cybersecurity in the financial domain. Despite a qualitative summary is provided in Table 8, the paper falls short in explaining/discussing that table in the paper itself and lacks the point of view explanations for preference between mentioned literatures, which was expected due to the abstract line 31.
-The exclusion criteria, as illustrated in “fig2,” were not thoroughly explained, and the methodology for the "available data" phase seems inconsistent. Since
“number of articles align with the techniques = 110, excluded articles=66, 110+66=176, the input number of papers is 174.
-Introduction section still needs careful redrafting.
- line 120, authors mentioned that the paper focus on e-banking sector, while in the abstract they mentioned the financial industry section in general.
-line 73, the paragraph talks about Badges, where in line 77 authors mentioned “customers access the rewards and discounts”. The rewards have another paragraph at line 61.
-line 84-86: in avatar and fantasy elements, authors start by classifying gamification objects to non-visual and visual. Please move such classification to the paragraph line 59-60 and mention the difference between elements which is considered visual and which is not.
- The survey methodology is still inadequate. The stated aims mentioned in the abstract (lines 27-32) are not well covered in the paper. Since some of the assessment criteria are not clear as will mentioned later, and the evaluation of the machine learning techniques still missing.
-
Is there a well developed and supported argument that meets the goals set out in the Introduction?
Authors achieved some of the mentioned goals but still there are some comments as follows:
- Not all goals are covered as mention, especially for the evaluation based on machine learning techniques as mentioned before.
- For RQ1:, quality assessment criteria from line 350-369, the used symbols are A,B,C for conference ranking as in fig2, and A,B,C symbols are used again in the same subsection to represent the other criteria as in table6. If you please use different symbols for table6 to distinguish between conference ranking and assessment criteria.
- Why the total is used as field in table6, where the analysis did not used from it.
- In table 7- how the score is calculated, please mention the formula for it, and what is the importance of the total field?
Does the Conclusion identify unresolved questions / gaps / future directions?
- This conclusion summarizes the key findings of the review and emphasizes the importance of gamification and AI-driven approaches in enhancing cybersecurity within the financial sector. It effectively ties together the insights gained from academic sources, highlights the diversity of cyber threats, and underscores the significance of both game-based and non-game-based methodologies in detecting and preventing these threats.
Dear authors,
Thank you for submitting your Literature Review article. Feedback from the reviewers is now available. It is not recommended that your article be published in its current format. However, we strongly recommend that you address the issues raised by the reviewers and resubmit your paper after making the necessary changes. By the way, differences from the literature review articles published within this topic should also be provided. Clearly reported, reproducible, and systematic methods should be provided in order to identify, select, and critically appraise relevant research. The Abstract should be attractive and contain motivation. The Introduction section should adequately introduce the subject and make it clear who the audience is and what the motivation is.
Best wishes,
**PeerJ Staff Note:** Please ensure that all review and editorial comments are addressed in a response letter and that any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
**Language Note:** The review process has identified that the English language must be improved. PeerJ can provide language editing services - please contact us at [email protected] for pricing (be sure to provide your manuscript number and title). Alternatively, you should make your own arrangements to improve the language quality and provide details in your response letter. – PeerJ Staff
It is following the scope of the journal
Cybersecurity protects computers, networks, software applications, critical systems, and data from potential digital threats. Organizations are responsible for securing data to maintain customer trust and meet regulatory compliance. In this research, we found something interesting: gamification. The development of gamification in finance is innovative.
In the introduction, we can find that the strategic implementation of gamification in e-banking holds the potential to capture customer attention, drive engagement, foster retention, and contribute to the central business objectives. Here is the key where gamification can be applied significantly
The methodology is unbiased and well-explained
Citations are appropriate and have been paraphrased appropriately
The review is organized logically and systematically
This section is a well-developed and supported argument, "Cybersecurity threats targeted at financial institutions and personalized activities have increasingly customized their malicious actions to specific users or organizations. Gamification strategies incorporate game-like elements to engage and educate users. This approach enhances user awareness and encourages proactive participation in cybersecurity practices. Financial institutions must understand and actively combat these threats to protect their assets, data, and reputation in an ever-evolving cyber landscape." infections, and advanced persistent threats, while non-game-based threats include social engineering and regulatory compliance issues."
The conclusion has identified the future direction, and there is a future direction.
This research is fascinating because it is a development of gamification in the financial sector.
- The manuscript requires major English proofreading.
- Abstract Section: rewrite this section by removing any idea repletion. Also, the last sentence is disconnected from rest of the Abstract section.
- Introduction Section: improve this section by starting the discussion of exploring the use of gamification in diverse applications, then focusing your discussion on the cybersecurity context within the financial sector.
- 1.2 Background Section: provide more discussion about the cyber threats the financial sector currently faces. Also, discuss the challenges associated with using traditional methods to spread cybersecurity awareness.
- Replace the figures with higher resolution images.
- Conclusion Section: summarize the research key findings and their implications. Also, provide future research directions.
- Methodology Section: the search string can be improved by adding more terms such as “banking”, “insurance”, and “investment”.
- Answering the Research Question Section: (1) for the paragraph “Table 7 presents an overview…”, provide more discussion on the used scoring process. Also, what does a 2.5 score indicate about quality of the research?
- Provide more discussion on the challenges and limitations of using gamification in the financial sector.
N/A
N/A
-Is the review of broad and cross-disciplinary interest and within the scope of the journal?
The review aims to explore adaptive games used to identify cybersecurity risks and increase awareness of these threats in the financial sector.
-Has the field been reviewed recently? If so, is there a good reason for this review (different point of view, accessible to a different audience, etc.)?
Although this field has been reviewed several times before, the paper attempts to focus on literature from 2015 to 2024 using specific selection criteria for adaptive gamification-based cybersecurity in the financial domain. Despite a qualitative summary is provided in Table 8, the paper falls short in explaining/discussing that table in the paper itself and lacks the point of view explanations for preference between mentioned literatures.
The paper selection process also missed key terms like "financial domain" (lines 195-199), and the exclusion criteria reduced the initial 1099 results to just 48 papers. The exclusion criteria, as illustrated in “fig2,” were not thoroughly explained, and the methodology for the "available data" phase seems inconsistent.
-Does the Introduction adequately introduce the subject and make it clear who the audience is/what the motivation is?
The introduction is disjointed and lacks clarity regarding the specific domain of focus. For instance, the abstract references the financial domain (line 38), then narrows it to e-banking services (line 84), only to generalize it again (line 89). The target audience is unclear, and the paper does not include an analysis of the impact of the survey on users. This omission is critical, particularly given that the paper aims to assess the effectiveness of personalized or adaptive games in mitigating cybersecurity risks.
- Is the Survey Methodology consistent with a comprehensive, unbiased coverage of the subject? If not, what is missing?
No, the survey methodology is inadequate. The stated aims and objectives (lines 172-173) lack detailed analysis and are not well-integrated into the rest of the paper. The goals mentioned (lines 175-179) are vague, and the study’s impact on the financial sector is not sufficiently addressed in the results or analysis sections. Consequently, the paper fails to present a clear vision of how the financial sector might benefit from this review. Additionally, the paper's claim of innovation (lines 190-193) is overstated, as similar aspects have been explored in previous studies (e.g., Bayuk and Altobello 2019). Repetitions and redundancies further weaken the methodology, with repeated content in lines 208-213 and 215-217, and between lines 219 and 223.
- Are sources adequately cited? Quoted or paraphrased as appropriate?
The citation of sources is problematic. Some references, such as Luh et al. 2020 (line 332), are not relevant to the financial domain, focusing instead on the education sector. Similarly, Swacha and Gracel 2023 (line 144) pertains to machine learning with cybersecurity in information systems, not finance, and Kavrestad et al. 2022 (line 356) is also unrelated to the financial sector. Additionally, some cited papers have more recent and relevant updates that were overlooked, such as a 2022 follow-up to Luh et al. 2020, which offers a more advanced discussion of the same topic (PenQuest Reloaded: A Digital Cyber Defense Game for Technical Education | IEEE Conference Publication | IEEE Xplore.
**PeerJ Staff Note:** It is PeerJ policy that additional references suggested during the peer-review process should only be included if the authors are in agreement that they are relevant and useful.
-Is the review organized logically into coherent paragraphs/subsections?
The review suffers from disorganization and redundancy. Sections are unnecessarily long and fragmented, such as the introduction, which is split into two overly extended subsections. The methodology section strays from the paper’s scope by discussing non-gamification techniques (lines 350-383), which detracts from the focus on adaptive gamification in the financial sector.
-Is there a well-developed and supported argument that meets the goals set out in the Introduction?
No, the paper lacks a well-developed argument that aligns with its stated objectives. To strengthen the argument, the authors should provide a more detailed explanation of the tables included in the paper, clearly highlighting their perspective and linking it to the hypothesis. This approach would create a more cohesive and convincing narrative that better supports the paper's objectives.
-Does the Conclusion identify unresolved questions / gaps / future directions?
This conclusion summarizes the key findings of the review and emphasizes the importance of gamification and AI-driven approaches in enhancing cybersecurity within the financial sector. It effectively ties together the insights gained from academic sources, highlights the diversity of cyber threats, and underscores the significance of both game-based and non-game-based methodologies in detecting and preventing these threats. The conclusion could be more precise and focused by clarifying the scope of the terms used. For example, the phrase "game-based and non-game-based cyber threat platforms" is somewhat vague, and it would be helpful to specify what non-game-based platforms are being referred to and how they differ from game-based ones. This would provide a clearer understanding of the types of methodologies discussed and their respective roles in cybersecurity. Additionally, the discussion on AI tools could be strengthened by providing a more detailed explanation of how AI specifically contributes to enhancing cybersecurity protocols within gaming environments. This would offer a deeper understanding of AI's role in identifying, predicting, and mitigating cyber threats. The conclusion could also be revised for conciseness by streamlining certain sentences to improve readability and impact. For instance, the phrase "providing valuable strategic insights to strengthen the overall cyber defense" could be simplified to "offering strategic insights to enhance cyber defense," making the text more direct and engaging. Finally, the conclusion could be improved by linking to future directions. While it briefly mentions the need for proactive adoption of these approaches, it could be strengthened by suggesting specific areas for future research or practical implementation, such as integrating gamification with AI, exploring new threat detection techniques, or developing more effective training programs for cybersecurity professionals. These suggestions would provide a more forward-looking perspective and guide further exploration in this field.
the paper missed important analysis and explanations that must be considered, as example, authors provided a good summary for reviewed papers in Table 8 and Table 9. However, they missed and ignore explanations and comments including reflection on methods/tools platforms used, they did not discuss or addressed the following point,
- which certain methods might be better than others and why,
- which tools or methods are better or preferred, regarding their impact, to be used in the Finacial domain and why,
- recommendations on particular tools/methods/platforms to be used in the financial sector based on the conducted review is missing as well.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.