Verizons 2016 Data Breach Investigations Report (DBIR) analyses more than 100,000 data security incidents across 82 countries. The DBIR found that social engineering remains worryingly effective as a means of harvesting user credentials. Almost a third (30%) of phishing messages were openedup from 23% in 2014, says Verizon Enterprise Solutions managing principal of investigative response, Laurance Dine. User security awareness continues to be overlooked as organisations fail to understand that they need to make their employees the first line of defence.”]
Source: https://blog.itgovernance.co.uk/blog/63-of-data-breaches-involve-weak-default-or-stolen-passwords