There are simply too many chances for us to accidentally hurt ourselves or the networks on which we operate regardless of how much training we receive. The way to reduce cyber risks is not more training; it is to not trust humans in the first place. The U.S. armed forces and security agencies are a case in point. The following proposals are all about companies being proactive with strengthening the security of their own networks and computers. They will make a company and its users more secure, regardless of whether or not they receive more training.”]
Source: https://hbr.org/2017/11/more-training-wont-reduce-your-cyber-risk