Think back to all of the corporate training you’ve sat through during your career. Chances are (especially if you’ve worked at a large enterprise), that some of that training had little relevance to your job duties. How much knowledge from those courses did you retain? Although you technically completed the training, would you have been able to apply any of the information you were given in real life?
For many employees, security awareness training falls into this category. It’s something they probably don’t care about, and that doesn’t help them do their jobs. This is why traditional awareness training has failed. Users will do what they have to do to get through the training, check the box, and get back to their regular jobs. Their security awareness training is now a distant memory buried in a pile of other dull corporate training they’ve been forced to endure over the years.