Explain the importance of security training program and how it will assist the organization with regards to risks that comes with data breaches. The training will prepare and assist with the knowledge of how data can be protected. The knowledge of cyber-attacks can be known through training. To overcome the reluctance, security training will be included as part of the employment contract and performance contract which will be scored. To encourage employees an incentive can be included.

Ditched the boring slideshows for real-world "hack labs." Let teams try to break into a test system - suddenly everyone was hooked! Nothing teaches password security like watching your "unbreakable" password cracked in minutes. Game-changer: Created monthly "Security Hero" awards for catching phishing attempts. Last month's winner? Our receptionist who spotted a sophisticated social engineering attack. Smart move: Made training bite-sized. Our "Security Shorts" - 5-minute weekly tips with actual breach stories - get way more engagement than hour-long sessions.

Good staff often get annoyed at things that get in the way of their job, this kind of training is like that. Try to make it fun and related to their jobs, plus give some 'this will help in your personal life' tips. Doing small group sessions with key staff, in person if possible, can also help as they will talk to others and explain why its important. Have snacks/cakes so its more informal, use as many real world examples and keep it jargon free with time for Q&A. If you can, make these people evangelists for the training and for IT/Infosec within the company. The company may be too large to train everyone this way, but doing a few people every month at random in the company will get the word around, especially if the snacks are good!