Crack the Code

Cybersecurity awareness in corporations is often a box-ticking exercise: e-learnings that get clicked through, posters that get ignored, policies that nobody reads. Employees know they should be careful – but the knowledge stays abstract, because the dangers are too.

For Cybersecurity Awareness Month 2025, Siemens wanted a different approach: away from lecturing, towards experience. Away from helplessness, towards active engagement.

A hacker has encrypted the Cyber Sense SharePoint. Over four weeks, employees must decipher clues, solve riddles and find weekly passwords to reclaim the SharePoint piece by piece.

What makes it special: the campaign plays out exactly where employees already work – in Microsoft Teams, in the browser, on SharePoint. The notifications from colleagues, the panic in chat messages, the hacked SharePoint – everything feels real because it takes place in the actual channels.

A multimodal, interactive internal campaign that plays with all the tools and channels employees use every day – to raise awareness of the dangers exactly where they encounter them. Not to make them feel helpless, but to encourage and engage them to actively participate and practice safer thinking.

Six films form the backbone of the campaign: a teaser that establishes the threat. Four clue videos, each presenting a new riddle week by week. A closing that brings the resolution. Every video simulates a Windows 11 desktop – the camera is the employee, the screen their window into the crisis.

The hacker speaks in a distorted voice, messages appear as glitching transmissions. The tonality: threatening, yet playful. Challenging, but never humiliating. The hacker is both antagonist and game master.

Four weeks, four riddles, four passwords – together they form the final pass-phrase that decrypts the SharePoint. Each riddle uses a different principle:

• Week 1 — T9 Cipher: A number sequence that only those who remember old phone keypads can decode
• Week 2 — Internal Knowledge: A reference to the final season of an internal Siemens video series
• Week 3 — Word Search: A puzzle on SharePoint where the target word is hidden diagonally
• Week 4 — Coded Transmission: A radio frequency message containing the final password

What makes Crack the Code remarkable from a media-didactic perspective: the campaign uses no separate learning platforms or external tools. It infiltrates employees' everyday work environment – Teams messages, SharePoint, browser – and transforms it into the scene of a security incident.

The learning effect comes not from instruction, but from involvement. Employees are not told that phishing is dangerous – they experience how a message from a "colleague" pulls them into a crisis. They are not warned that SharePoint access can be compromised – they see their own SharePoint encrypted.

The progressive unlocking – a new level every week, a new password – creates commitment over four weeks. And the final pass-phrase captures the message without spelling it out: Together for Siemens Security.

Conception and development of six storyboards and screenplays. Creation of the hacker tonality – a voice threatening enough to sustain tension, yet playful enough to invite participation. Design of four riddles with different decryption principles. Gamification dramaturgy across the entire month: from the teaser through weekly escalation to the collective resolution. Copywriting of all text elements – from hacker transmissions to calls-to-action.