Does deterrence work in reducing information security policy abuse by employees?

Hacking into corporate IT systems and individuals’ computers is no longer a sport for bragging rights, but a major organized economic activity aiming for significant profits controlled largely by underground networks of criminals and organized crime on a global scale. The financial impact of the computer crimes and related activities is estimated at over one trillion dollars each year worldwide. Unfortunately, despite significant advances in hardware and software technologies against computer and network offenses, in the digital security ecosystem around any organization, human agents are still the weakest link in the defense against outside attacks and the most dangerous to the organizations from within. Indeed, the effectiveness of other elements in the security system, such as security technology, organizational policies and procedures, as well as government regulations, are largely dependent on the effort of the human agents, especially those who work within the organizations.