CISOs are responsible for pursuing cybersecurity purchases that align with the overall health of their organizations. Human actions account for 90% of all security incidents, so CISOs can reduce their overall security incidents by upgrading the ‘human firewall’ A typical enterprise runs an average of four phishing campaigns per employee. By implementing policies, controls, and technologies that focus on the individual, organizations can more effectively teach employees the right behaviors that will result in a cyber-savvy culture. Good security training programs should engage employees across multiple apps and activities.
Source: https://www.helpnetsecurity.com/2021/03/08/security-awareness-programs/