I thought I should clarify my post above a little.
Most hacking comes from the inside and not from the outside of the gateway. I differenciate between malicious hacking and human behavior, very much so.
True hacking attempts trying to elevate rights (copying cards to gain access to parts of the building where the employee have no business) and other deliberate malicious activities originating on the inside will be investigated to catch the one responsible and get him fired.
A game download is no deliberate malicious activity, it is just human behavior and in all fairness, it is fun you know. The employee typically sees it that way as well and hence "Damn that (meaningless) corporate policy...". In other words, he does not want to do any harm, he just want to have a go... and a creative person is creative wherever he is
Before you all go "what the... He should damn well do company business" I'll tell you a little introduction as to why I voice this opinion.
Years ago, I was battling an employee who I am sure played games for an hour each day. This guy was a "turbo" salesman the best in the company at the time. A really creative user in the network too, way above average I must add, but naturally, I managed to tie down the security on his computer and user account so he was unable to play shit.
Now, as it turned out, it was a short-sighted egocentric move seen only from the IT-security point of view. During the next three months, his 'drive' and contribution sank down to average. I feared there was a connection and so I invited him for a beer. During the evening and as the beers went down, I came to understand that much of his 'drive' positive attitude and inspiration came from playing games.. I also understood that he spent way too much time figuring out how to be able to play games again and outsmart the IT department (how sweet)
Long story short... Whatever works, I spoke to the CEO and got a good go for my 'research project' - went to work on Sunday and lifted his security. patched the network and raised the security level for his access to the company network to the highest possible which was not usual at the time.
Then came Monday and sure enough before 9:00AM I noticed he had a game installed (in other words, I did let him win the fight unknowingly and I guess he was ever so proud with his achievement).
The next month, the employee once more was the "turbo" salesman we knew. It goes to show that IT is more than just technology, it is also management of human resources for the better for all.
During my three years with the company, we silently registered several games without his knowledge as we have to - The employees do not think in those terms, that's all. Now what if I tell you that those registrations were some of the best investments?
We are together on an average eight hours a day and for any employee, it is important that they enjoy staying with the company while contributing, they usually contribute more then. if not.... Out!
Malware is unavoidable in any and all networks, but if you do not mind, I would like to isolate the subject as it is imo not really games that poses the biggest risk, it is the internet and in fact, the part we can not live without is worst... Social media. So please, let us not 'jazz up' the games part.
As I write above, their fumbling attempts in trying to fool the IT department only contributes to building more secure networks in the future. Speaking for myself, I know the technology months/years before any user tries to use it in my network, but be aware, I do check your contribution as well. If that is good, I am a candidate to let you 'win' the fight as I am way wiser than I used to be, recognizing you to be a human being just like myself and not only an employee number.
... and that is no two cents, that is millions of dollars in the fountain...