Should employees be punished for sloppy cyber security? [POLL]

Should they be held accountable for their scam-email-opening ways? Should we tell them off at assessment time, brand them with a mark of shame, or, just maybe, a third option: invest a bit more in decent security training?

Story added 12. September 2013, content source with full text you can find at link above.