What "lure" do you use to Phish?
Empowering, teaching, encouraging, and collaborating with employees and organizational stakeholders ("your community") on enterprise security is a great way to achieve desired results not just for cyber and information security, but also other areas of security, to include physical, human, and reputation.
Gaining "buy-in" for organizational security and safety requirements as part of an integrated culture to everyday processes, duties, tasks, and operations is imperative. How you conduct your training and awareness programs will impact the success of that
"buy-in" by your organizational community.
This article titled: "Phishing Tests Are Necessary. But They Don't Need to Be Evil", by Ryan Wright and Jason Bennett Thatcher of the Harvard Business Review, highlights some of this concept- https://hbr.org/2021/04/phishing-tests-are-necessary-but-they-dont-need-to-be-evil?utm_medium=email&utm_source=rasa_io&PostID=27935369&MessageRunDetailID=4805316170.