Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk

Anna Cartwright, Edward Cartwright, Lian Xue

Research output: Chapter in Book/Report/Conference proceedingConference proceeding

5 Downloads (Pure)

Abstract

Broadly speaking an individual can invest time and effort to avoid becoming victim to a cyber attack and/or they can invest resource in recovering from any attack. We introduce a new game called the prevention and recovery game to study this trade-off. We report results from the experimental lab that allow us to categorize different approaches to risk taking. We show that many individuals appear relatively risk loving in that they invest in recovery rather than prevention. We find little difference in behavior between a gain and loss framing.
Original languageEnglish
Title of host publicationDecision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings
EditorsTansu Alpcan, Yevgeniy Vorobeychik, John S. Baras, György Dán
PublisherSpringer
Pages135-151
Number of pages17
ISBN (Print)9783030324292, 9783030324308
DOIs
Publication statusE-pub ahead of print - 23 Oct 2019
Event 10th Conference on Decision and Game Theory for Security - Stockholm, Sweden
Duration: 30 Oct 20191 Nov 2019
https://www.gamesec-conf.org/

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11836 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference 10th Conference on Decision and Game Theory for Security
Abbreviated titleGameSec 2019,
CountrySweden
CityStockholm
Period30/10/191/11/19
Internet address

Keywords

  • Cyber-security
  • Insurance
  • Ransomware
  • Recovery
  • Risk aversion

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk'. Together they form a unique fingerprint.

  • Cite this

    Cartwright, A., Cartwright, E., & Xue, L. (2019). Investing in Prevention or Paying for Recovery - Attitudes to Cyber Risk. In T. Alpcan, Y. Vorobeychik, J. S. Baras, & G. Dán (Eds.), Decision and Game Theory for Security - 10th International Conference, GameSec 2019, Proceedings (pp. 135-151). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11836 LNCS). Springer. https://doi.org/10.1007/978-3-030-32430-8_9