My personal point of view is that the top root cause of the 2017 data breaches should be "human error" or simply said "negligence". In fact I understand human error as an unintended error for example a system administrator doing a mistake while performing a configuration. But for the examples listed by Calyptix here below, I see them as pure negligence. The activities should be planned enforced by proper policies, security baselines and procedures to avert the breaches.
Examples of the ways human error can lead to data breaches include:
Failure to apply patches to known vulnerabilities
Employees leaving laptops or other devices in unlocked cars, where they are easily stolen
When an employee mistakenly emails sensitive information to an unintended party
When a database containing confidential information is unintentionally configured to be internet facing, and thereby accessible by search engines