which of the following are common causes of breaches
Common causes of breaches almost always trace back to people, passwords, and poorly protected systems. The most frequently cited causes include human error, social engineering (like phishing), weak or stolen credentials, unpatched software, and malware.
Core common causes
- Human error (sending data to the wrong person, misconfiguring systems, losing devices, using the wrong email fields, etc.).
- Phishing and social engineering that trick users into clicking malicious links or revealing credentials.
- Weak, reused, or stolen passwords and lack of multiâfactor authentication.
- Unpatched vulnerabilities and poor configuration (not updating software, exposed services, misconfigured cloud storage).
- Malware and ransomware that exploit users or unpatched systems to gain access or encrypt data.
- Insider threats, both negligent (careless staff) and malicious (disgruntled employees or contractors abusing access).
Typical âwhich of the followingâ options that are correct
In many test or exam questions on âwhich of the following are common causes of breaches,â the correct options usually include things like:
- âPhishing emails or social engineering attacksâ
- âWeak or reused passwordsâ
- âFailure to install security updates or patchesâ
- âMisconfigured servers, databases, or cloud storageâ
- âMalware or ransomware infectionsâ
- âEmployees accidentally sending information to the wrong recipientâ
- âInsiders abusing privileged accessâ
By contrast, obviously unrelated items (for example, âusing encryption,â âregular security training,â or âstrong access controlsâ) are typically not causes of breaches, but are controls to prevent them.
Quick HTML table for reference
| Cause | Why it leads to breaches |
|---|---|
| Phishing / social engineering | Tricks users into giving away passwords or running malicious content. | [7][1]
| Weak or stolen passwords | Attackers guess or reuse credentials to log in as legitimate users. | [2][1]
| Human error | Mis-sent emails, wrong access settings, or lost devices expose data. | [5][7]
| Unpatched vulnerabilities | Known flaws let attackers exploit systems remotely. | [1][2][3]
| Malware / ransomware | Malicious code steals, encrypts, or exfiltrates data. | [3][1]
| Insider threat | Employees or exâstaff misuse legitimate access. | [8][3]
If you are answering a test question
When you see âwhich of the following are common causes of breaches,â select the options that:
- Involve mistakes or manipulation of people (phishing, misâsent data, misconfigurations).
- Involve weak security controls (weak passwords, no patches, poor configuration).
- Involve hostile actions (malware, hacking, insider abuse).
Avoid choosing items that are clearly protective measures (e.g., âencryption,â âbackups,â âsecurity trainingâ), as they reduce breach risk rather than cause breaches.
Information gathered from public forums or data available on the internet and portrayed here.
