In banks (and similarly regulated institutions) there's mandatory security training to educate employees. Sadly, in my experience, this "training" is essentially like those kids' rides at an amusement park where you're stuck in a trolley till the end – it's slow and mostly tedious but sometimes there's one bit of trivia that might delight. In the end, there's a very simple multiple-choice test that is worded to make it more or less obvious what the correct answers are. If you do get it wrong, you get infinite retries and there are only so many questions...
I'd love to see mandatory education in basic cryptography and such, but in reality I'd assume that even that would end up being security theater for the sake of ticking a box on the compliance score sheet.
This sounds like the OSHA 10 class I recently had to do. I think the issue here is that if a business wants workers it is incentivized to make the tests as easy as possible, not to make sure their employees know what they’re doing.