Are humans the biggest security problem?

I read a story today about a person that got his mobile phone infected with a virus when he received an MMS that happened to contain hidden software. The journalist that wrote the story talked to a representative from Microsoft who said that end-users are the biggest security problem. I do not debate that users has to take some responsibility to ensure their safety but I still think that we in the industry cause more problems then most users. It is strange that in an area where so many people (and companies) depend on communication so little is done to fix the underlying problem of security. Many applications are badly designed, badly written and full of holes. Access systems are seldom used or badly implemented. In any other industry consumer groups would be shouting (and suing) suppliers that lie as much as the IT-industry does. So humans are never the "problem", let us start to think about their needs instead.