There is a lack of consistent use of measurements for factors related to people’s information security behavior. Specifically, a conceptually relaxed utilization of the variable “self-efficacy” makes it difficult for researchers to perform meaningful cross-study comparisons in behavioral information security research. This study examines how self-efficacy is defined and measured when used as a research variable in behavioral information security research and provides suggestions to better define and measure self-efficacy in behavioral information security research.