CISOs Reveal Top Firms Failing on Security Awareness Training

Is this a failure of will, or of process, or of failing to enforcement policies and procedures? There's something to be said about a draconian approach to enforcement. Touchy-feely really doesn't work.

With resources like these books available, there's no reason for this failure.

Managing an Information Security and Privacy Awareness and Training Program, Second Edition
Asset Protection through Security Awareness

Here's a partial list of available articles:

Why Information Security Training and Awareness Are Important

The ABCs of a Persuasive Security Awareness Program

Implementing an Information Security Awareness Program