Since Bandura’s proposal of self-efficacy, studies have explained behavioral motivations at the individual level. However, little is known concerning self-efficacy’s applicability at the group level in the information systems security (InfoSec) domain. Also, despite extensive cross-cultural analyses at the individual level, works at a group level are still in infancy. We, therefore, define InfoSec self-efficacy as a group-level construct and examine its impact on InfoSec vulnerability from cross-cultural perspectives. We draw on interdependent security and separate InfoSec vulnerability into vulnerability from self and partners. The goal is fourfold: (i) proposing InfoSec collective efficacy as a cultural construct, (ii) modeling relationships among InfoSec collective efficacy, InfoSec vulnerability, vulnerability from partners, and InfoSec control awareness from cross-cultural perspectives, (iii) validating the model using data collected from executive-level IS managers in the US and South Korea, and (iv) providing implications for IS managers operating in multinational businesses
