The issue matters because it underlines the way that modern security is a human and not just technological problem.
"Let's get out of the geeky mindset of admonishing the 'stupid user'; instead, make them part of your organization's security posture by cultivating relationships through open communications and positive criticism," argues PhishMe's Carey.
Perhaps Sjouwerman is just thinking beyond this general scenario. If education fails, what's next?
Sign up for CIO Asia eNewsletters.