Is Cybersecurity a Team Sport? A Multilevel Examination of Workgroup Information Security Effectiveness

Organizations maintain their desired level of cybersecurity by evaluating the information security (ISec) effectiveness of their organizational units. Numerous ISec studies have delved into examining individual compliance, yet studies that develop an understanding about achieving the desired effect of the workgroup ISec have been scarce in the literature. Against this backdrop, this research note draws on the input–process– output framework to take a multilevel approach and examines how an individual security factor (“individual self-efficacy”) and two core workgroup mechanisms (“workgroup collective efficacy” and “security knowledge coordination”) can together affect workgroup information security effectiveness (WISE). Using a survey, data for the independent variables of the study was collected from 68 branch offices (with 536 employees in total) of a law enforcement agency in South Korea. Separately, for WISE, we obtained the branch offices’ annual security assessment scores from the organization. The results reveal the cross-level nature of WISE, suggesting that group mechanisms significantly mediate the relationship between individual self-efficacy and WISE. The results support the view that group mechanisms are important in ISec management and need to be considered alongside the individual-level analysis in the pursuit of workgroup ISec performance. The findings provide insightful implications for both theory and practice.