It may sound harsh, but making a 0% vulnerability rate your measure of success is unrealistic. That’s because there is no ignoring the human factor. Humans are fallible. Humans make mistakes - even you. You know stoves are hot, but you occasionally still get burned.
That said, before you throw up your hands and give up on the idea of security awareness and training, consider this cybersecurity equation:
Educated Human > Aware Human > Unaware Human
Awareness gets your end users thinking about the way they act, and education gives them the knowledge they need to change the way they act. Users who are totally unaware are likely to click on anything and everything — and be none the wiser. Educated users make far better decisions, make far fewer mistakes, and are far more likely to alert you to questionable emails, allowing you and your infosec response team to become more proactive and less reactive.
You allow for imperfection from your spam filter, your antivirus software, and a host of other technical safeguards. You need to allow for imperfection from your end users as well, if only because of the value they bring to your organization. They are your biggest asset, and you need to stop simply writing them off as a liability.