These comments from the director of the National Cybersecurity Centre at a recent event are interesting. It's a widely repeated saying that people are the weakest link, but Ian Levy strongly rejects it here.

Perhaps the real problem is in fact the complexity of human interactions with computer systems and the way that the IT industry tries to solve problems. It's certainly easier to blame 'people'. 

Could bringing in people from the wider business in to the security conversation improve the outcome?