Yep, all true. We get "security" training here every year, it's the same "Click on the things that could be a security issue" nonsense or one of those that looks like it was made in the XP era video things where it has to play "quicktime" videos and you have to listen to garbage to pick one thing out that means nothing in the grand scheme of things.
Most of us just have them memorized at this point and click on through. The one I was supposed to do I didn't even bother listening to the presentations, I just let them run (no audio on this workstation) and did the "test." Useless.
Do you have simulation testing where the company "phishes" employees? I have worked in orgs where you can get fired for failing too many simulation tests.
No, we're far too small for that.