In a corporate environment, yes there should be strict and immediate consequences for lax security.

Unfortunately, in a home user environment, complete ignorance is to blame. Not negligence.


Until we educate the majority, we cannot punish them. This is not something that can be done overnight.