John McCormick Lists 5 reasons generally overlooked by organizations that can result in huge security issues.
1. Failing to enforce security policies
2. Ignoring new vulnerabilities, generally sent by automated notifications.
3. Relying too much on technology (top ten ports to be aware off http://isc.sans.org/top10.php)
4. Failing to thoroughly investigate job candidates
5. Expecting too much from technical skills
Here is the full article.