Ask HN: What's your experience with human error in cybersecurity?

I'm a student writing a capstone project on how human error contributes to cybersecurity breaches and hacking incidents. It's easy to find news articles and published security surveys [see {0..3}] that generally point to aggregate data, but I'm looking for details from actual IT / security professionals on their actual experiences with breaches.

Have you ever responded to a breach or incident you thought was caused by human error? Was it a problem caused by an end user (phished, spearphished, etc.) or by someone else in IT (forgot to apply a patch, ports left open, system misconfigured, etc.)? What's something that your organization is doing to meet and reduce these threats?

Answer any questions you'd like, thanks for helping!

[EDIT: Formatting.]

[0] - https://securityintelligence.com/the-role-of-human-error-in-successful-security-attacks/
[1] - https://www.shrm.org/resourcesandtools/hr-topics/risk-management/pages/human-error-top-cause-data-breaches.aspx
[2] - https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEW03073USEN
[3] - https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon