Among the other tips that the CSO offered about sharing stories from the dark side is to leave out the real names of those affected to prevent potential fallout for those involved and for the designated storytellers to play up the juiciest elements of any incidents they detail.
"Scare them with real objective data, and they will start listening, but also feel free to sexy-up the stories," he said. "If you make it interesting, people always want to know the next story, so you should also have other examples at the ready."
Another useful method for making security threats more relevant to employees at all levels is to use peers to inform them how easy it is to get victimized, according to the Cisco security chief.
For instance, a worker who was victimized in a recent attack has become a regional spokesman for talking about security threats with other Cisco employees in the EU.
"If you have someone who does something wrong by mistake, to fire them for it is ignorant, you have to consider all the details because a lot of these things can happen to anyone, and its much smarter to allow them to help you educate," said Stewart. "Make the victim your spokesperson to tell other users their story; peer pressure is a very effective teaching tool."