Purpose:
This study investigates the application of motivational strategies to encourage security-compliant behavior among employees in organizational cybersecurity, exploring how organizations motivate security-compliant behavior among employees in Germany. This study aims to bridge the gap between theoretical motivational models and practical implementation within organizations.

Design/methodology/approach:
This research uses a qualitative approach, conducting semi-structured interviews with 18 participants from organization of different sizes and sectors in Germany, illuminating the topic from three perspectives: executive managers, security specialists and regular employees. A deductive analysis is applied to coding the interview along intrinsic motivators (competence, relatedness and autonomy) and external motivators (incentives and nudges).

Findings:
This study found that some motivational factors, such as positive incentives like vouchers, and a healthy error culture effectively lead to employees being motivated to follow security guidelines. Conversely, the authors found several aspects that employees perceive as frustrating and ineffective, such as compulsory e-learnings or overcomplex security policies, hindering their intrinsic motivation to contribute to organizational cybersecurity.

Originality/value:
While existing literature offers insights into specific motivational methods applied within organizations, to the best of the authors’ knowledge, this paper is the first to adopt a broader perspective by analyzing how organizations’ cybersecurity strategies integrate both intrinsic and extrinsic motivational approaches.