A large part of information systems (IS) security approaches is technical in nature with less consideration on people and organizational issues. The research presented in this paper adopts a broader perspective and presents an understanding of IS security in terms of a social and organizational perspective. In doing so, it uses the communication of risk messages among the members of IT groups in setting Internet banking goals in order to identify any weaknesses in security management procedures. The novel approach of this investigation is that explores and presents the issues of risk communication and goal setting in Internet banking security through in-depth interviews within three case studies. That said, it promotes an interdisciplinary and inter-organizational theory which fosters a new dialog that transcends security industry specific contexts as opposed to other studies. Interview results suggest how an effective setting of Internet banking security goals can be achieved through specific considerations for improving the communication of security messages. The research contributes to interpretive information systems with the study of risk communication and goal setting in an Internet banking security context.