The Beeb has an informative article on how hard it is to break the 128-bit encryption in common use by a lot of current software. It explains the basics of private-public key pairs without sounding too technical, and describes other popular methods of breaking security.
Although I’ve played with brute-force tools myself, I’ve found them to be inefficient and time-consuming at best, especially when dealing with key pairs, so they’re right about it being almost impossible. Other methods, such as social engineering, seem to be much more effective.
Another common reason for breaches is poor security policies or not taking the policies seriously. Recently, a certain friend of mine (you know who you are :-)) emailed his private SSH key to his webmail address so he could use it from anywhere. This, of course, makes the whole point of private keys moot, since nothing is safe if sent unencrypted through email. It sent alarm bells ringing in my head and I made him generate a new key.