The "whoops factor" and the "non-deliberate insider" are just two user profiles responsible for the vast majority of global organizations being hit by a virus or worm in the past 12 months.
The annual Computing Technology Industry Association (CompTIA) survey of 574 global organizations on information security and workforce impressions of information security found nearly 60 percent of information security breaches were caused by human error through lax security training. Last year, "human error" was responsible for 47 percent of security breaches.
Brian McCarthy, CompTIA chief operating officer, said a level of "enterprise complacency" in regard to employee security procedures may be setting in.
"As we get better from a technology standpoint, many organizations seem to believe that technology solutions alone are sufficient to turn back all attacks," McCarthy said.
"The primary cause of security breaches, human error, is not being adequately addressed and the person behind the PC continues to be the primary area where weakness is exposed.
"The fact remains that no technology on its own can be completely successful without an equally strong commitment to information security awareness and training throughout every level of the organization."
The survey also found 29 percent of those interviewed said security training is a requirement and only 36 percent of organizations interviewed offer security awareness training for employees.
Adoption of antivirus software was at 96 percent, and 91 percent of respondents currently use firewalls and proxy servers.
In the Asia Pacific and Asian region, more than 72 percent of companies were attacked by a virus or worm in the past 12 months, according to a research program conducted by analyst firm Frost & Sullivan and commissioned by Juniper Networks.
The survey interviewed CIOs, directors, IT managers and network administrators in Australia, China, India, Japan and South Korea and found more than half of those interviewed in Australia expect malware and spyware threats to increase in 2006.
Greg Bunt, Juniper Asia Pacific emerging technologies manager, said a lot of organizations are spending the dollars on security, but a significant percentage of attacks happen on a network because of a user or the "whoops factor" created by the "non-deliberate insider".
The Australian Information Security Satisfaction Monitor released by analyst firm Frost & Sullivan this year surveyed 269 Australian organizations and found 76 percent had suffered a network worm, trojan or virus outbreak in the last year.
Frost & Sullivan analyst James Turner said three-quarters of Australian enterprise firms are basically wasting time putting out fires - a driver for the increase in managed security service adoption.