Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk

Anna Cartwright, Edward Cartwright, Lian Xue

Research output: Chapter in Book/Report/Conference proceedingConference proceeding

Abstract

Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the prevention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing.
Original languageEnglish
Title of host publicationDecision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings
EditorsTansu Alpcan, Yevgeniy Vorobeychik, John S. Baras, György Dán
PublisherSpringer
Pages135-151
Number of pages17
ISBN (Print)9783030324292, 9783030324308
DOIs
Publication statusE-pub ahead of print - 23 Oct 2019
Event 10th Conference on Decision and Game Theory for Security - Stockholm, Sweden
Duration: 30 Oct 20191 Nov 2019
https://www.gamesec-conf.org/

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11836 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference 10th Conference on Decision and Game Theory for Security
Abbreviated titleGameSec 2019,
CountrySweden
CityStockholm
Period30/10/191/11/19
Internet address

Fingerprint

Investing
Attack
Trade-offs
Risk taking
Resources

Keywords

  • Cyber-security
  • Insurance
  • Ransomware
  • Recovery
  • Risk aversion

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Cartwright, A., Cartwright, E., & Xue, L. (2019). Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk. In T. Alpcan, Y. Vorobeychik, J. S. Baras, & G. Dán (Eds.), Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings (pp. 135-151). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11836 LNCS). Springer. https://doi.org/10.1007/978-3-030-32430-8_9

Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk. / Cartwright, Anna; Cartwright, Edward; Xue, Lian.

Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings. ed. / Tansu Alpcan; Yevgeniy Vorobeychik; John S. Baras; György Dán. Springer, 2019. p. 135-151 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11836 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference proceeding

Cartwright, A, Cartwright, E & Xue, L 2019, Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk. in T Alpcan, Y Vorobeychik, JS Baras & G Dán (eds), Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11836 LNCS, Springer, pp. 135-151, 10th Conference on Decision and Game Theory for Security , Stockholm, Sweden, 30/10/19. https://doi.org/10.1007/978-3-030-32430-8_9
Cartwright A, Cartwright E, Xue L. Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk. In Alpcan T, Vorobeychik Y, Baras JS, Dán G, editors, Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings. Springer. 2019. p. 135-151. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-32430-8_9
Cartwright, Anna ; Cartwright, Edward ; Xue, Lian. / Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk. Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings. editor / Tansu Alpcan ; Yevgeniy Vorobeychik ; John S. Baras ; György Dán. Springer, 2019. pp. 135-151 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{c8074c88e7ec4d2b97baea8ed3410dc0,
title = "Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk",
abstract = "Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the prevention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing.",
keywords = "Cyber-security, Insurance, Ransomware, Recovery, Risk aversion",
author = "Anna Cartwright and Edward Cartwright and Lian Xue",
year = "2019",
month = "10",
day = "23",
doi = "10.1007/978-3-030-32430-8_9",
language = "English",
isbn = "9783030324292",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "135--151",
editor = "Tansu Alpcan and Yevgeniy Vorobeychik and Baras, {John S.} and Gy{\"o}rgy D{\'a}n",
booktitle = "Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings",
address = "United Kingdom",

}

TY - GEN

T1 - Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk

AU - Cartwright, Anna

AU - Cartwright, Edward

AU - Xue, Lian

PY - 2019/10/23

Y1 - 2019/10/23

N2 - Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the prevention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing.

AB - Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the prevention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing.

KW - Cyber-security

KW - Insurance

KW - Ransomware

KW - Recovery

KW - Risk aversion

UR - http://www.scopus.com/inward/record.url?scp=85076399076&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-32430-8_9

DO - 10.1007/978-3-030-32430-8_9

M3 - Conference proceeding

SN - 9783030324292

SN - 9783030324308

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 135

EP - 151

BT - Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings

A2 - Alpcan, Tansu

A2 - Vorobeychik, Yevgeniy

A2 - Baras, John S.

A2 - Dán, György

PB - Springer

ER -