I'm a student writing a capstone project on how human error contributes to cybersecurity breaches and hacking incidents. It's easy to find news articles and published security surveys [see {0..3}] that generally point to aggregate data, but I'm looking for details from actual IT / security professionals on their actual experiences with breaches.<p>Have you ever responded to a breach or incident you thought was caused by human error? Was it a problem caused by an end user (phished, spearphished, etc) or by someone else in IT (forgot to apply a patch, ports left open, system misconfigured, etc)? What's something that your organization is doing to meet and reduce these threats?<p>Answer any questions you'd like, thanks for helping!<p>[EDIT: Formatting.]<p>[0] - https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/<p>[1] - https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/human-error-top-cause-data-breaches.aspx<p>[2] - https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEW03073USEN<p>[3] - https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon