A clear directive (warning on usage) is required to keep human safe. This is the most effective safety protection. After all, everyone is responsible for own safety.
Similarly, a proper directive (usage terms) is deemed sufficient to keep cyber safe. It’s just a matter to exercise disciplinary process in an organization is rare leading to too many controls. Making things complicated does not necessarily enhance security but could degrade intended protection. People will try to get around controls to make life easier.