Nice Try, But..

It shifts the responsibility of security from IT to the employees is incorrect.
Explanation :
Empowering employees turns them into an active part of the security defense, significantly enhancing the organization's phishing defense mechanism.