Some security incidents cannot be prevented or detected by technology. An example is social engineering, which is the art of manipulating people that does not require the use of technology and may be applied over a telephone call to steal information (e.g. confidential data, passwords) or even on site by gaining physical access to restricted areas. Unfortunately, there are little to zero technical controls that can be used to avoid this sort of attack, so the only feasible option is to have your users aware of the threats and how to deal with them.
When an enterprise's employees are cyber security aware it means they understand what cyber threats are, the potential impact a cyber-attack would have on the organization, and the steps required to reduce risk and prevent cybercrime from infiltrating their online workspace.