Re: OMG we're all skrude!!!
I tend to agree. The message from work like this should simply be "These are good security practices, follow them because you don't know what might happen if you don't."
Some of them are a bit like "If you go into the red light district of an unfamiliar city unaccompanied and a dodgy looking character asks if you want to go down a long dark alley to meet his sister, you might not be going to meet an attractive, 18 year old, disease free nymphomaniac." It may be interesting in a Schadenfreudian way to read about people who did, but at some point someone is going to say "couldn't this just be generalised into "don't go down dark alleys in red light districts".
This is quite different from things like Spectre, of course, which doesn't have a simple, obvious mitigation like "turn off when not using and keep secure when off site".