“…To investigate cultural factors influencing risky behaviour in the cyberspace, quantitative literature has availed of dominant socio-cognitive and socio-psychological theories as to their pre-configured theoretical frameworks. Such theories included the General Deterrence Theory (D’Arcy et al , 2009; Cheng et al , 2013; Cheng et al , 2014; Moody et al , 2018), the PMT (Ameen et al , 2021; Haag et al , 2021; Herath and Rao, 2009; Li et al , 2019; Meso et al , 2013; Tsai et al , 2016; Warkentin et al , 2016), situational action theory (Li et al , 2021), the planned behaviour theory (Bauer and Bernroider, 2017; Cox, 2012; Ifinedo, 2012), rational choice theory (Li et al , 2018; Vance and Siponen, 2012), neutralization theory (Ali et al , 2021; D’Arcy and Teh, 2019) and social bonding theory (Back et al , 2018). Nonetheless, most conventional cyber-security research was administered in business sectors, circumscribed to confirming pre-hypothesized theoretical reasons underlying employees’ failure to adhere to cyber-security policies.…”