| Creators: |
Schütz, Sebastian and Gewald, Heiko and Johnston, Allen and Thatcher, Jason B. |
| Title: |
What Goals Drive Employees’ Information Systems Security
Behaviors? A Mixed Methods Study of Employees’ Goals in the
Workplace |
| Item Type: |
Article or issue of a publication series |
| Projects: |
IDI |
| Journal or Series Title: |
Journal of the Association for Information Services : JAIS |
| Page Range: |
pp. 1390-1422 |
| Article: |
5 (Research Article) |
| Date: |
2025 |
| Divisions: |
Informationsmanagement |
| Abstract (ENG): |
IT security remains high on the agenda of CIOs, with employees’ adoption of security behaviors—behaviors that employees adopt to protect organizational IT assets—being a top concern. To explain when employees adopt security behaviors, the information systems security (ISec) literature has mainly employed deductive studies that draw on theory-based assumptions about goals—mostly from behavioral theories used in criminology and public health (e.g., avoiding sanctions, avoiding harm from threats, avoiding disapproval and blame). However, as these theories typically do not theorize about employees’ goals specific to the workplace, they offer limited insights into the goals that employees pursue at work. Subsequently, not much is known about the goals that motivate employees’ security behaviors at work. Against this backdrop, this research provides a complementary, inductive-first inquiry into the work-related goals that drive employees’ security behaviors. Using a qualitative-quantitative mixed methods research design, we identify four goals (Study 1) and evaluate their importance for predicting employee security behaviors (Study 2). Overall, we find evidence that employees’ work performance and blame avoidance goals are the most salient predictors of security behaviors; as a result, our findings suggest that employees engage in security behaviors primarily because they believe it will help them meet supervisors’ expectations—a key goal that has been largely ignored in the previous ISec literature. |
| Forthcoming: |
No |
| Language: |
English |
| Uncontrolled Keywords: |
Security Behaviors, Goal Systems Theory (GST), Work Performance, Blame Avoidance, Organizational Citizenship, Career Advancement |
| Citation: |
Schütz, Sebastian and Gewald, Heiko and Johnston, Allen and Thatcher, Jason B.
(2025)
What Goals Drive Employees’ Information Systems Security
Behaviors? A Mixed Methods Study of Employees’ Goals in the
Workplace.
Journal of the Association for Information Services : JAIS, 26 (5), Art. 5 (Research Article).
pp. 1390-1422.
ISSN 1536-9323
|
