“Looking at how businesses get breached, most of the time, employees make a mess while using communication or collaboration tools. In most cases (51 percent), attacks occur through Gmail, Outlook, or similar external email service.”
The biggest problem in implementing the security policy is the management’s wrong approach to the issue. The most common mistake is that the IT department is solely responsible for security. Meanwhile, the company’s management must be primarily responsible for the security policy because it can only be effectively controlled and enforced. The second mistake is that the management staff remains partially or entirely outside the company’s security system, based on the fact that the president or owner can do everything. Meanwhile, it is the remotly working at different times and frequently logging onto the network from outside the office that is the most vulnerable to cybercriminal attacks.
As you can see, the most significant security threat is humans.

https://www.itproportal.com/news/it-teams-fear-their-organization-suffering-data-breach/