Most governments provide cybersecurity training for employees. But phishing is still rampant. Why? Because most training programs focus on the wrong goals and measure the wrong indicators of performance. With the right approach to security training, agencies can turn their employees into their strongest asset in the fight against cyberattacks.