Why don't people care about cyber security, and what can we do about it?
There are two main reasons that this problem exists.
1) IT looks after that.
Ah yes, the old classic, but it persists. Cyber / IT security put all the tech in place to spot the scams, and protect the company. We've got the latest greatest firewalls and email filtering, and it should keep us safe. And yet, when people are targeted, it often won't. There's a disconnect here that needs to be addressed. People need to understand that they are the biggest target, and if they are not suitably knowledgeable then they are vulnerable, and that means the company is vulnerable.
2) It's all about the business.
This is the biggest problem by far - people are shown boring training that relates to the business. Don't do that. Give them engaging training that shows them how they will personally lose money and confidential information, and how that will impact their lives and the lives of their family. When you do this, the "care factor" becomes massive, and they will engage and learn to keep themselves safe. Every example that talks about the business is a missed opportunity to achieve buy-in, and buy-in creates change!
This is something Web Safe Staff has ALWAYS focused on - our content / stories / examples / memes focus on keeping someone personally safe from cyber criminals. And we teach simples rule to deal with these scams.
The beauty of this approach is that everything they learn to keep themselves safe completely relates to keeping the business safe too. They're not going to forget it magically because they've come into the office!
____________
So think about the training your staff have received. Do they reflect on it, and do they talk to others about it? e.g. "Wow I didn't know that, so scary!". That's what you want to hear post training. You want the lightbulbs to be going off in their head, and to do that, make it personal.