Productivity vs security: mitigating conflicting goals in organizations

Peter Mayer (Faculty of Computer Sciences, Technische Universitat Darmstadt, Darmstadt, Hessen, Germany)
Nina Gerber (Faculty of Human Sciences, Technische Universitat Darmstadt, Darmstadt, Hessen, Germany)
Ronja McDermott (Faculty of Human Sciences, Technische Universitat Darmstadt, Darmstadt, Hessen, Germany)
Melanie Volkamer (Faculty of Computer Sciences, Karlstad University, Karlstad, Sweden and Faculty of Computer Sciences, Technische Universitat Darmstadt Darmstadt, Hessen, Germany)
Joachim Vogt (Faculty of Human Sciences Technische, Universitat Darmstadt, Darmstadt, Hessen, Germany)

Information and Computer Security

ISSN: 2056-4961

Publication date: 12 June 2017



This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals.


This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small- to medium-sized organizations (SMEs) with overall 90 employees.


The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees.

Research limitations/implications

Both studies rely on self-reported data and are, therefore, likely to contain some kind of bias.

Practical implications

Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations.


This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.



The research reported in this paper has been supported in part by the German Federal Ministry of Education and Research (BMBF) within CRISP ( Furthermore, this work has been developed within the project “KMU AWARE” which is funded by the German Federal Ministry for Economic Affairs and Energy under grant no. BMWi-VIA5-090168623-01-1/2015. The authors assume responsibility for the content.


Mayer, P., Gerber, N., McDermott, R., Volkamer, M. and Vogt, J. (2017), "Productivity vs security: mitigating conflicting goals in organizations", Information and Computer Security, Vol. 25 No. 2, pp. 137-151.

Download as .RIS



Emerald Publishing Limited

Copyright © 2017, Emerald Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.
To rent this content from Deepdyve, please click the button.