All security countermeasures have and will fail, but security is not about preventing all losses, but about mitigating losses. Successful awareness training is not measured by the number of people who watch a video or click on a basic phishing message, but in their improved behaviors. Security awareness requires constant reinforcement of the desired topics, not randomly presenting topics throughout the year. The goal of security awareness is not simply providing people with facts. The goal is to improve peoples security-related behavior. This cannot be accomplished by just surveying people or seeing if they took required training.”]
Source: https://www.darkreading.com/compliance/why-security-awareness-is-like-an-umbrella