Mercantil Andina: always taking care of what matters, even in cyberspace

Mercantil Andina is an insurance company founded in Mendoza, Argentina, in November 1923. Throughout its more than 100 years of history, the company has always sought to provide much more than insurance plans and policies.

From the very beginning, its true ambition was to build a community, creating genuine bonds with the nearly one million insured individuals who trust the brand.

And to make this possible, Mercantil Andina has always been clear about one thing: taking care of people means protecting them in every aspect of their lives. And that, of course, includes the digital world.

Information security has always been a priority at Mercantil Andina. But in a company with dozens of branches and a large, diverse team, getting people engaged with technical topics was a constant challenge.

At first, they tried launching monthly campaigns with training sessions lasting about sixty minutes. However, as Emmanuel, the main person in charge of the cybersecurity awareness program, explains, participation was minimal and interest was nearly nonexistent.

“We’re about seven hundred people. Around sixty would sign up for the training… but in the end, only four really took part.”

Not even talks with well-known specialists managed to change the situation. The topics were important, the speakers were recognized experts, but views remained low and the impact, limited.

With tight schedules and a real competition for time between priority tasks, the training sessions simply weren’t connecting with people. As a result, unsafe habits kept repeating and the security culture failed to move forward.

Everything changed with the arrival of a new CISO who brought not only experience but also a clear vision: it was necessary to implement a gamified cybersecurity training program. A strategy capable of turning knowledge into behavior.

He already knew the approach and was aware of its potential. He spoke enthusiastically about the impact of the gamified method and how it would be unlike anything Mercantil Andina had tried before. That’s how the company decided to bring in Hacker Rangers to take its digital security training strategy to the next level.

Even before launching the first season, the Mercantil team had already identified a key ingredient for the program’s success: it had to make sense for the people living it. That’s why they started the project by actively listening to their team.

An internal survey helped uncover interests, habits, and difficulties people had with the subject. The idea was simple yet powerful: design a learning journey that would be useful for the business and engaging for participants.

Based on that, the strategy was born. The year was divided into four “waves”—the name Mercantil Andina chose for its awareness seasons—each with a central theme, lasting six weeks, and featuring weekly content.

And the results speak for themselves. Employee participation exceeded all expectations of the team in charge.

68% user access
4,413 tasks completed

When Mercantil Andina embraced education through gamification, it did so with the hope of transforming how its people related to cybersecurity.

And that’s exactly what happened! Teams realized that learning about digital security doesn’t have to be complicated or boring. It can be simple, entertaining, and, above all, engaging.

“I didn’t know much about gamification, but it was just what we were looking for. It was exactly that.”

Beyond the numbers, what Mercantil Andina achieved was a true shift in habits. Cybersecurity stopped being a distant or technical subject and became part of everyday life: in conversations, in attitudes, in the company’s culture. And it all started with a simple but crucial decision: putting people at the center of the strategy.

The changes soon became noticeable. Post-its with sensitive information disappeared from desks. The use of password generators became common practice. The program stopped being something boring and turned into a topic people casually discussed, even during coffee breaks.

Thanks to the so-called cyberattitudes, people began reporting habit changes related to cybersecurity, both at work and in their personal lives. Many shared that they were helping colleagues, friends, or family adopt safer practices. And the reports kept growing: in just three waves, Mercantil Andina  received 1,145 cyberattitudes submitted by its staff.

1,145 cyberattitudes submitted
Average of 10.1 per person

Over time, what once went unnoticed became a conscious habit. Since many people work remotely, they also began paying more attention to everyday situations outside the office.

Emmanuel recalls a very clear case: when the power went out, it was common for people to head to a café or other public space to keep working. The initial impulse was to connect to any Wi-Fi. Today, that has changed. People now know those networks aren’t safe, and before connecting, they activate a VPN.

The same happened with system updates: if before it took constant reminders from the IT team to get them done, now updates happen more frequently and naturally. People started doing it on their own, and the number of outdated devices was cut in half. Even the use of unauthorized tools (the well-known Shadow IT) dropped significantly.

“It’s as if they’ve been evangelized. They learned exactly what they needed to know.”

And this transformation hasn’t gone unnoticed by management. The Hacker Rangers platform started getting attention among C-levels and is now part of the leadership agenda. In fact, according to Emmanuel, even the CEO wants to join the game.

Having an easy-to-use platform can transform something that is usually seen as dense or bureaucratic into something much more appealing. That’s how Emmanuel describes Hacker Rangers.

He explains that, in addition to having a clear and accessible interface, the content is delivered in straightforward, clear, and didactic language. This helped bring the IT area closer to people, breaking the perception that training sessions are heavy or complicated.

“The company has very different profiles. Some are familiar with technology, while others had never had any contact with cybersecurity. That’s why having an intuitive tool was key to making the training work.”

Another factor that made a big difference was giving people autonomy. Since the platform can be accessed from anywhere at any time, flexibility was crucial for driving engagement.

And, of course, all that engagement comes with plenty of recognition. Each week, the top performers in the ranking are highlighted in the internal channels, and those who lead each wave also receive special prizes.

With the success of previous seasons, the anticipation for the next phase of Hacker Rangers is already growing among those at Mercantil Andina. And there’s good news! The next steps are already underway.

To reach every profile, the company plans to continue expanding the program. One of the upcoming initiatives will be the launch of mini-waves with content designed especially for C-levels. Since they can’t always follow an entire season but have strong interest in the topic, the idea is to offer them short, straightforward materials with strategic impact.

Another key focus will be phishing. Mercantil Andina plans to implement PhishOS, the Hacker Rangers phishing simulator, as part of the training journey. The goal is for simulations to be a positive and educational experience. Participants will be able to practice in a safe environment, learning hands-on how to identify signs of dangerous emails and how to react in real situations.

With these next steps defined, Mercantil Andina makes it clear that this is just the beginning. Cybersecurity culture is in constant evolution, and each new stage aims to turn habits into real, effective protection.