Not more security, but appropriate security
I suspect that the problem is not tighter IT security, but appropriate IT security levels that still allow people to do their jobs. I'm sure that most people who work in large organisations have come across incidences where IT Security is actually too tight and restrictive - this then forces people to find "alternative" methods of carrying out their job (eg sharing user-id's and passwords because a colleague has higher level access to a system), rather than going down the formal route with all the bureaucracy and obstructive attitude's that seem to stem from IT Security Departments