Achieving compliance should not be the goal of a board of directors or C-suite. Aiming for a more mature risk-based approach that uses gamified learning will provide better assurance, and better value that traditional compliance-based security awareness training.
If your organization’s security awareness training is causing training fatigue, can it really be helping employees to resist cyber attacks?