CISOs and HR leaders should clearly communicate company policies regarding cybersecurity incidents and coaching. CISOs should communicate to employees that they will receive education that is specific to each individual. The only way to enact meaningful change is to establish the right tone. Don’t make employees feel stupid or shamed. The learning experience should feel organic and authentic, while also being presented in a helpful tone ‘ rather than bashing or pointing out mistakes. This will be key in properly securing organizations from today’s highly sophisticated and relentless cybercriminals.
Source: https://www.helpnetsecurity.com/2021/06/02/positive-reinforcement-combating-cybercriminals/