- Information and Cyber Security
- Cybercrime and Law Enforcement Studies
- Network Security and Intrusion Detection
- Experimental Behavioral Economics Studies
- Privacy, Security, and Data Protection
- Terrorism, Counterterrorism, and Political Violence
- Cybersecurity and Cyber Warfare Studies
- Decision-Making and Behavioral Economics
- Advanced Malware Detection Techniques
- Infrastructure Resilience and Vulnerability Analysis
- Culture, Economy, and Development Studies
- Spam and Phishing Detection
- Auction Theory and Applications
- Blockchain Technology Applications and Security
- Privacy-Preserving Technologies in Data
- Insurance and Financial Risk Management
- Economic theories and models
- Game Theory and Applications
- Internet Traffic Analysis and Secure E-voting
- FinTech, Crowdfunding, Digital Finance
- Probability and Risk Models
- Crime Patterns and Interventions
- Psychology of Moral and Emotional Judgment
- Legal and Constitutional Studies
- Hate Speech and Cyberbullying Detection
University of Edinburgh
2022-2025
British University in Dubai
2023-2025
Universität Innsbruck
2020-2023
Rafiki Coalition
2023
Purdue University West Lafayette
2015-2021
University of Oxford
2017-2019
State Street (United States)
2017
Cyber risk management involves balancing acceptance, avoidance, reduction, and transfer. Academic researchers have focused on reduction measures. Studies of cyber risk transfer are less common, mainly centering on insurance. This emphasis overlooks the development of many real-world products in the last decade. Our study describes their emergence, including: (re)insurance, parametric insurance, warranties, and cat bonds. We characterize how these solutions addressed four core challenges in transferring risk:...
Privacy laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have pushed internet firms processing personal data to obtain user consent. Uncertainty around sanctions for non-compliance led many websites to embed a Consent Management Provider (CMP), which collects users' consent and shares it with third-party vendors and other websites. Our paper maps the formation of this ecosystem using longitudinal measurements. Primary and secondary sources are used to measure each actor...
Does competition affect moral behavior? This fundamental question has been debated among leading scholars for centuries, and more recently, it has been tested in experimental studies yielding a body of rather inconclusive empirical evidence. A potential source of ambivalent results on the same hypothesis is design heterogeneity: variation in true effect sizes across various reasonable research protocols. To provide further evidence on whether competition affects moral behavior and to examine the generalizability of a single study...
The role of the insurance industry in driving improvements in cyber security has been identified as mutually beneficial for both insurers and policy-makers. To date, there has been no consideration of the roles governments should pursue to support this public–private partnership. This paper rectifies this omission and presents a framework to help underpin such a partnership, giving particular consideration to possible government interventions that might affect the market. We have undertaken a qualitative analysis of reports published by...
This paper introduces a causal model inspired by structural equation modeling that explains cyber risk outcomes in terms of latent factors measured using reflexive indicators. First, we use the model to classify empirical cyber harm studies. We discover cyber harms are not exceptional in terms of typical or extreme losses. The increasing frequency of data breaches is contested and stock market reactions to cyber incidents are becoming less damaging over time. Focusing on harms alone breeds fatalism; most useful evaluating effectiveness...
Policy discussions often assume that wider adoption of cyber insurance will promote information security best practice. However, this depends on the process applicants need to go through to apply for insurance. A typical process would require an applicant to fill out a proposal form, which is a self-assessed questionnaire. In this paper, we examine 24 proposal forms, offered by insurers based in the UK and the US, to determine which controls are present in the forms. Our aim is to establish whether the collection of controls mentioned in the analysed forms corresponds...
The adoption of digital technology creates the potential for new harms. Given that risk prevention solutions are imperfect, individuals may wish to transfer risk to an insurer. It is unclear whether existing insurance policies cover these harms, or whether specialized consumer cyber insurance products are available. We address this research gap by conducting a content analysis of 50 policies, 32 in the USA and 18 in the UK. Our analysis of 26 home insurance policies reveals that insurers typically exclude cyber perils (losses caused by computer viruses, hacking,...
In the context of blockchain systems, the importance of decentralization is undermined by the lack of a widely accepted methodology to measure it. To address this gap, we set out a systematization effort targeting the decentralization measurement workflow. To facilitate our systematization, we put forth a framework that categorizes all measurement techniques used in previous work based on the resource they target, the methods they use to extract resource allocation, and the functions they apply to produce the final measurements. We complement this framework with an empirical analysis designed to evaluate...
Cyber insurance could achieve public policy goals for cybersecurity using private-sector means. Insurers assess organizational security postures, prescribe security procedures and controls, and provide postincident services. We evaluate how such mechanisms impact security, identify market dynamics restricting their effectiveness, and sketch out possible futures for cyber insurance as governance.
We consider interdependent systems managed by multiple defenders that are under the threat of stepping-stone attacks. We model such systems via game-theoretic models and incorporate the effect of behavioral probability weighting that is used to model biases in human decision-making, as descended from the field of behavioral economics. We then incorporate into our framework, called TASHAROK, two types of tax-based mechanisms for such interdependent security games where a central regulator incentivizes defenders to invest well in securing their assets so as to achieve the socially optimal outcome. We first...
In the commodification of consent, a legal concept designed to empower users has been transformed into an asset that can be traded across firms. Users interact with a consent dialog offered by one coalition member. The default setting allows any other coalition member, including both publishers and third-party vendors, to use this consent as a basis for processing personal data. In doing so, the commodification of consent creates interdependent privacy considerations within the notice and consent paradigm. This paper considers how this innovation could change...
In theory, consent dialogs allow users to express privacy preferences regarding how a website and its partners process the user's personal data. In reality, dialogs often employ subtle design techniques known as dark patterns that nudge users towards accepting more data processing than the user would otherwise accept. Dark patterns undermine user autonomy and can violate privacy laws. We build a system, DarkDialogs, that automatically extracts arbitrary consent dialogs from a website and detects the presence of 10 dark patterns. Evaluating DarkDialogs against a hand-labelled dataset...
We model the behavioral biases of human decision-making in securing interdependent systems and show that such behavioral decision-making leads to a suboptimal pattern of resource allocation compared to non-behavioral (rational) decision-making. We provide empirical evidence for the existence of such behavioral bias through a controlled subject study with 145 participants. We then propose three learning techniques enhancing multi-round setups. illustrate benefits our multiple real-world quantify level gain case which defenders are behavioral. also benefit...
Insurance premiums reflect expectations about the future losses of each insured. Given the dearth of cyber security loss data, market premiums could shed light on the true magnitude of cyber losses despite noise from factors unrelated to losses. To that end, we extract cyber insurance pricing information from the regulatory filings of 26 insurers. We provide empirical observations on how premiums vary by coverage type, amount, and policyholder type and over time. A method using particle swarm optimisation and the expected value premium principle is introduced to iterate...
Across both the public and private sector, cybersecurity decisions could be informed by estimates of the likelihood of different types of exploitation and the corresponding harms. Law enforcement should focus on investigating and disrupting those cybercrimes that are relatively more frequent, all else being equal. Similarly, firms should account for the likelihood of different forms of cyber incident when tailoring risk management policies. This paper reviews the quantitative evidence available on cybercrime victimisation likelihood, providing a bridge...
Cyber insurance is becoming a popular cyber risk management tool. Beyond pure financial risk transfer, prior theoretical works anticipated that insurers would influence the mitigation measures employed by policyholders, such as by excluding losses caused by security mismanagement or offering premium discounts for security controls. Empirical literature has shown that insurers are ineffective at influencing pre-breach security levels; however, it has also identified how insurers indemnify the cost of a team of post-breach providers with expertise spanning...
In recent years, cyberattacks have cost firms countless billions of dollars, undermined consumer privacy, distorted world geopolitics, and even resulted in death and bodily harm. Rapidly accelerating cyberattacks have not, however, been bad news for many lawyers. To the contrary, lawyers that specialize in coordinating all elements of victims’ incident response efforts are increasingly in demand. Lawyers’ dominant role in cyber-incident response is driven predominantly by their purported capacity to ensure that information produced during...
Technologists who understand and measure cyber risk can motivate policyholders to improve security.