Just 4% of users of corporate systems abide by IT security policies, even when that system handles very sensitive private information according to an academic survey [pdf] that has revealed humans to be the main flaw in any security system.
Researchers at the University of Wisconsin-Madison and IT University, Copenhagen found that just 4% of the people surveyed obey best practice rules for passwords. The rest use the same passwords for different systems or use words that appear in the dictionary or write their passwords down on post-it notes beside the computer. Read the full story [out-law.com]