
Or teach people not to trust that you said something just because something sounds like you. Use actual authentication instead of implied. Same for photos, videos.



This is perfect for CEO scams in most American companies.

In many (large and small) American companies (and other nationalities as well, sure) a top-down management approach is the norm. I.e. "CEO" (or "your manager" / "person in power") says something and you jump and do it without asking any questions because you fear you'll be fired otherwise (or have other repercussions).

In such an environment, imagine the CEO / person in power giving the best sample ever to the crooks, such that they can clone your voice almost perfectly. Now, of course, CEOs are likely to be recorded in various events anyway but some others are less likely, say the CFO.

Then order some lowly finance drone to wire a billion bucks to your account (well, maybe a bit less, and make sure to use someone else's account, seven levels of money mules and 17 different cryptocurrencies with mixers etc. before cashing out) with your faked voice.

We caught a CEO scam that was pretty good but noticeable recently. They had cloned his voice.


Isn’t it desirable to weed out organizations with such fragile procedures…?

It’s like how those ransomware thieves incentivize all the critical computer systems in the world to remain air gapped, which seems like an overall net positive.


Haha!

In a sense I agree with you. However, really great organizations have weak links. It only needs one unfortunately. I personally don't want to be out of a job because of one weak link.

Sort of to your point, we do have training (which I find obnoxiously dumb, but many seem to find it great - I just let the video run in the background and answer the questions without actually watching a single second of it) around this sort of thing and we have phishing tests that are super easy to figure out (the email headers literally tell you it's a phishing test) but various people post on internal channels "Is this a scam? I'm not sure, please help!" and not all of them are non-technical people at all.

Above a certain size of company there just are gonna be some weak links in just the wrong place(s) randomly even with the best procedures unfortunately.



