Despite the benefits of bring your own device (BYOD) programmes, they are considered one of the top security risks companies are facing. Furthermore, there is a gap in the literature in understanding gender differences in employees' smartphone security behavioural intention. This research analyses gender differences in smartphone security behavioural intention among employees in the United Arab Emirates (UAE) and the United States (US). The research develops a new model, the behavioural model of cybersecurity (BMS), based on a combination of the protection motivation theory (PMT), the general deterrence theory (GDT) and Hofstede's cultural dimensions. A questionnaire was distributed to employees in both countries. A total of 1156 useable responses were analysed using partial least squares-structural equation modelling. The findings show that gender differences exist, but neither male nor female employees in either country are aware of the risks associated with their use of smartphones, despite their awareness of the existence of their company's BYOD security policies. The research provides theoretical and practical contributions by developing a new model combining the PMT, GDT and Hofstede's cultural dimensions and suggests gender differences in employees' smartphone security behavioural intention in a cross-national context. It has several practical implications for practitioners and policymakers.