I just read an interesting article in a Korean newspaper about how Hyundai Capital was hacked. Hyundai Capital is the largest auto financing provider in South Korea. What I found fascinating about the article is not the attack, but the author's reaction. The author seemed to approach the hack as a radically new event, for example starting the article with "The breach in the computer network has not only sunk confidence levels to rock bottom for financial companies, for whom security is essential, but also spawned concerns about secondary effects due to leaked passwords and other information." I was very impressed by this statement and figured this must have been a massive attack. Then I read on where the author states 420,000 records were compromised. The author was overwhelmed that an incident happened compromising the data of over 10,000 people. What? That is not even seven digits. This is nothing compared to the 46 MILLION records compromised in the TJX Incident, and that happened over 4 years ago. I have done a lot of awareness work around the world. One impression I've developed is many countries believe cyber security is a western problem, primarily the United States. This may have been true in the past, but cyber criminals are a global issue now and I think many countries, and their general population, are just now becoming aware of the significance of the problem.
One of the first things a security awareness program should do is explain the problem, make sure people understand they are a target and why. Once you have their buy-in, your program will be far more effective.