Stuart Schechter (MIT Lincoln Laboratory) , Rachna Dhamija (Harvard University & CommerceNet), Andy Ozment (MIT Lincoln Laboratory & University of Cambridge), Ian Fischer (Harvard University) published an interesting report on security.
They evaluated "website authentication measures that are designed to protect users from man-in-the-middle, "phishing", and other site forgery attacks."
I think this report shows pretty well that quite frequently people are the weakest part of security systems.
You can read about the report here: http://usablesecurity.org/emperor/
The whole report: http://usablesecurity.org/emperor/emperor.pdf