The results speak for themselves.
“The report, based on anonymised data from real organisations that have had their networks tested, said that for 71% of companies, there’s at least one obvious weakness that could provide malicious outsiders with entry into the network.”
I’ll save you the click, but you should go look at the details, but the two ways they were commonly able to get in? Weak passwords and unpatched software.
That’s not a technical issue, that’s a cultural one.