Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk

Anna Cartwright, Edward Cartwright, Lian Xue

Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

1 Citation (Scopus)
30 Downloads (Pure)


Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the prevention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing.
Original languageEnglish
Title of host publicationDecision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings
EditorsTansu Alpcan, Yevgeniy Vorobeychik, John S. Baras, György Dán
Number of pages17
ISBN (Print)9783030324292, 9783030324308
Publication statusE-pub ahead of print - 23 Oct 2019
Event10th Conference on Decision and Game Theory for Security - Stockholm, Sweden
Duration: 30 Oct 20191 Nov 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11836 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference10th Conference on Decision and Game Theory for Security
Abbreviated titleGameSec 2019
Internet address


  • Cyber-security
  • Insurance
  • Ransomware
  • Recovery
  • Risk aversion

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk'. Together they form a unique fingerprint.

Cite this