The single largest obstacle to information security is not Microsoft holes, nor spyware, nor viruses. It's people. Stupid people.
Recently some 98,000 social security numbers were stolen from UC Berkeley. How? It wasn't hackers. It was some dumbass who left a laptop that had these numbers on its hard drive in an unlocked office.
My first question: who leaves expensive equipment lying around, unsecured, in an unlocked office? Just because you don't stick a big "steal me please" sign to it does not mean that no one will.
My second question: Why on Earth was this extremely sensitive data stored on this machine's hard drive? Hello, password-protected network storage.
So now UC Berkely has to contact these 98,000 people, and let them know that their data may now be in the hands of evildoers because some idiot had it on his (or more likely her) computer, and left that computer lying around where anyone could, and someone did, pick it up and walk away with it.
Users.