Which of the following is considered a major cause of non-compliance?

Non-compliance in an organization often stems from various factors, but one significant cause is uneducated users. Users who lack proper understanding of security policies, procedures, and compliance requirements are less likely to follow them. If employees are not adequately trained on the importance of security measures and the specifics of compliance, they may inadvertently engage in behaviors that lead to non-compliance, such as neglecting password policies, ignoring software updates, or failing to recognize phishing attempts.

In contrast, while complex IT infrastructure, outdated hardware, and excessive administrative privileges can all contribute to non-compliance, they are often issues that can be mitigated through proper training and awareness efforts among employees. For instance, enhancing user education can simplify interactions with complex systems and help users understand the significance of keeping hardware up to date and avoiding unnecessary administrative privileges. Thus, addressing user education is crucial in fostering a culture of compliance within an organization.