According to the CS Hub Mid-Year Market Report 2022, new findings shows that 75% of survey respondents believe that social engineering and phishing attacks are the top threat vector to cybersecurity within their organization.

Here is a chart from the report with additional findings:
Source: CS Hub
Phishing and social engineering attacks far exceed the other cybersecurity threats of supply-chain/third-party compliance risks (36%) and lack of cybersecurity expertise (30%).
The most interesting take away your organization can learn from this report is that phishing and social engineering attacks rely on human error. While outright software vulnerabilities can be out of your control, ensuring your employees are well trained in new-school security awareness training is not.