which of the following are common causes of breaches
Common causes of breaches almost always trace back to people, passwords, and poorly protected systems. The most frequently cited causes include human error, social engineering (like phishing), weak or stolen credentials, unpatched software, and malware.
Core common causes
- Human error (sending data to the wrong person, misconfiguring systems, losing devices, using the wrong email fields, etc.).
- Phishing and social engineering that trick users into clicking malicious links or revealing credentials.
- Weak, reused, or stolen passwords and lack of multi‑factor authentication.
- Unpatched vulnerabilities and poor configuration (not updating software, exposed services, misconfigured cloud storage).
- Malware and ransomware that exploit users or unpatched systems to gain access or encrypt data.
- Insider threats, both negligent (careless staff) and malicious (disgruntled employees or contractors abusing access).
Typical “which of the following” options that are correct
In many test or exam questions on “which of the following are common causes of breaches,” the correct options usually include things like:
- “Phishing emails or social engineering attacks”
- “Weak or reused passwords”
- “Failure to install security updates or patches”
- “Misconfigured servers, databases, or cloud storage”
- “Malware or ransomware infections”
- “Employees accidentally sending information to the wrong recipient”
- “Insiders abusing privileged access”
By contrast, obviously unrelated items (for example, “using encryption,” “regular security training,” or “strong access controls”) are typically not causes of breaches, but are controls to prevent them.
Quick HTML table for reference
| Cause | Why it leads to breaches |
|---|---|
| Phishing / social engineering | Tricks users into giving away passwords or running malicious content. | [7][1]
| Weak or stolen passwords | Attackers guess or reuse credentials to log in as legitimate users. | [2][1]
| Human error | Mis-sent emails, wrong access settings, or lost devices expose data. | [5][7]
| Unpatched vulnerabilities | Known flaws let attackers exploit systems remotely. | [1][2][3]
| Malware / ransomware | Malicious code steals, encrypts, or exfiltrates data. | [3][1]
| Insider threat | Employees or ex‑staff misuse legitimate access. | [8][3]
If you are answering a test question
When you see “which of the following are common causes of breaches,” select the options that:
- Involve mistakes or manipulation of people (phishing, mis‑sent data, misconfigurations).
- Involve weak security controls (weak passwords, no patches, poor configuration).
- Involve hostile actions (malware, hacking, insider abuse).
Avoid choosing items that are clearly protective measures (e.g., “encryption,” “backups,” “security training”), as they reduce breach risk rather than cause breaches.
Information gathered from public forums or data available on the internet and portrayed here.