As reported by CNN, Microsoft’s Security Intelligence Report found that 45% of computer viruses are caused because of a users’ actions, with phishing being the most common attack.
I can't find fault with this assessment. The question is how to increase user awareness to the point that they don't click on suspicous email, no matter how well disguised. We know a lot of these schemes are very cleverly done. Is it even possible to get most of the people to be aware most of the time?