Research was conducted to increase the awareness of employees with regard to cyber security to fill the gap in the literature where few studies on how effective the measures implemented in organizations were reported. This research uses the outcome of the phishing drills that a public institution applied to its personnel, participation of said personnel in awareness training, and the reading statistics of regularly published information security bulletins. This has been beneficial in determining the methods to increase the cyber security awareness of personnel in organizations with 1,000 or more personnel; users were considered as a whole, and not individually evaluated. Findings report that organizations can increase users' cybersecurity awareness by systematically conducting phishing exercises, providing awareness training, and regularly publishing information security bulletins. The awareness of reading bulletins rapidly increased after phishing exercises and training and decreased in the following months; however, an increase was observed in the long term.