Verizon recently released their 2014 PCI Compliance Report. As stated in the introduction:
"This research is based on quantitative data gathered by our qualified security assessors (QSAs) while performing baseline assessments on PCI DSS 2.0 compliance between 2011 and 2013. The companies that we assessed span many industries and countries."
One of the biggest findings? Humans were the cause of almost 70% of the breaches, and user behavior is an important factor in an organization's overall security posture. These findings were confirmed by the recent Target compromise of over 100 million credit cards and identities. As documented by Brian Krebs, it all started with a phishing email. Until organizations start recognizing and addressing the human element as a key part of their risk management program, people will continue to be the weakest link.