The results speak for themselves.
“The report, based on anonymised data from real organisations that have had their networks tested, said that for 71% of companies, there’s at least one obvious weakness that could provide malicious outsiders with entry into the network.”
I’ll save you the click, but you should go look at the details, but the two ways they were commonly able to get in? Weak passwords and unpatched software.
This seems like really basic stuff, but because enforcing strong passwords and keeping up with patching means possibly irritating users, especially upper management users, they don’t get done.
That’s not a technical issue, that’s a cultural one.