The figures aren’t encouraging: Recent reports have concluded that most employees don’t know much about cybersecurity best practices.

The third-annual State of Privacy and Security Awareness Report, released by security education and training firm MediaPRO in 2018, found that 75% of the 1,024 U.S. employees surveyed lack cyber awareness.

Mimecast also reported similar findings. The company, which specializes in cloud-based email management, commissioned Google Consumer Research to survey 1,000 employees across various sectors and found that some 25% of them were unaware of the most common cybersecurity threats, such as phishing and ransomware attacks.

Furthermore, Mimecast found that about half of those surveyed said their employers did not have mandatory cybersecurity training, with 10% saying their employers had optional training and some 10% saying they only received formal cybersecurity training during their onboarding process.

Given those statistics, it’s no wonder that cybersecurity experts still consider humans to be the weakest link in the security layers meant to safeguard an organization’s systems and the data they contain.

That stance may be no mystery. But there’s something that has long puzzled many security chiefs: How to get more workers to care about security and be more actively engaged in protecting their organizations.

Experts say there are, indeed, strategies that CISOs can pursue to better market the security message and mobilize employees to join with their security mission – strategies that go to supporting, enabling and empowering workers vs. scaring them with tales of cyber doom and gloom.

“It’s about winning people’s hearts and minds, giving them a reason to care. It’s about helping people understand what’s in it for them,” says Joe Nocera, a principal in PwC’s Cybersecurity & Privacy practice. “CISOs who say what people shouldn’t do aren’t good at helping drive change and build support. And selling on fear, uncertainty and doubt don’t build support for the security program. CISOs need to communicate how security helps the business.”

To better market the value of security and win converts over to the cause, here are eight proven strategies that can get the job done: