Cybersecurity training failing!
DarkReading.com reported that “It's a story we've all heard before, yet somehow, we keep living it. Despite years of cybersecurity awareness campaigns, training sessions, and technological advances, the same fundamental security challenges continue to plague organizations worldwide.” The November 20, 2025, article, entitled “Same Old Security Problems: Cyber Training Still Fails Miserably” (https://www.darkreading.com/cybersecurity-operations/security-problems-cyber-training-fails-miserably), included these comments:
This past October, during Cybersecurity Awareness Month 2025, three seasoned cybersecurity journalists, from Dark Reading, Tech Target Search Security, and Cybersecurity Dive, came together to examine a frustrating reality: We're still fighting the same battles we were fighting decades ago. Their candid discussion in this month's "Reporters Notebook" reveals why password hygiene remains poor and phishing attacks keep working, even as we pour resources into awareness programs that seem to miss the mark.
Dark Reading's poll during Cybersecurity Awareness Month painted a sobering picture — nearly 30% of companies are still clinging to those familiar 8-character passwords with their mandatory mix of uppercase letters, numbers, and special characters. You know the ones: the passwords that expire every 90 days and drive everyone crazy. Meanwhile, security experts have been advocating for passphrases like "my cat clarinet loves Sam" for years now, following NIST's guidance that longer, memorable phrases are exponentially harder to crack than complex short passwords — but only 17% of respondents are adopting that approach. And sure, organizations are slowly adopting single sign-on solutions (34%) and password vaults (21%), but far too many remain trapped in password policies that feel more like digital archaeology than modern security.
What do you think?