Research Article

Evidence-based cybersecurity policy? A meta-review of security control effectiveness

Received 04 Aug 2023, Accepted 19 Jan 2024, Published online: 07 Apr 2024

References

  • Allodi, L., F. Massacci, and J. Williams. 2022. “The Work-averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures.” Risk Analysis 42 (8): 1623–1642. https://doi.org/10.1111/risa.13732.
  • Anderson, R., C. Barton, R. Böhme, R. Clayton, C. Ganan, T. Grasso, M. Levi, T. Moore, and M. Vasek. 2019. “Measuring the Changing Cost of Cybercrime.” In Workshop on the Economics of Information Security.
  • Anderson, R., and T. Moore. 2006. “The Economics of Information Security.” Science 314 (5799): 610–613. https://doi.org/10.1126/science.1130992
  • Arete and Cyentia. 2022. “Reining in Ransomware.” Accessed 6 June 2023. https://www.cyentia.com/wp-content/uploads/Arete-Reining-In-Ransomware-1.pdf.
  • AtBay. 2023. “Ranking Email Security Solutions a Data Analysis of Cyber Insurance Claims.” Accessed 27 February 2023. https://www.at-bay.com/ranking-email-security-solutions.
  • Biancotti, C. 2018. “The Price of Cyber (In)security: Evidence from the Italian Private Sector.” In Workshop on the Economics of Information Security.
  • Bilge, L., Y. Han, and M. Dell’Amico. 2017. “Riskteller: Predicting the Risk of Cyber Incidents.” In Proceedings of the Conference on Computer and Communications Security, 1299–1311. ACM.
  • BitSight. 2023. “Evidence-based Strategies to Lower Your Risk of Becoming a Ransomware Victim.” Accessed 6 June 2023. https://www.bitsight.com/blog/ransomware-prevention.
  • BitSight and Marsh. 2022. “Make Better Cybersecurity Decisions with Trusted Data Analytics.” Accessed 6 June 2023. https://www.bitsight.com/press-releases/study-finds-significant-correlation-between-bitsight-analytics-and-cybersecurity.
  • Böhme, R. 2010. “Security Metrics and Security Investment Models.” In International Workshop on Security, 10–24. Springer.
  • Breaux, T. D., and D. L. Baumer. 2011. “Legally ‘Reasonable’ Security Requirements: A 10-Year FTC Retrospective.” Computers and Security 30 (4): 178–193. https://doi.org/10.1016/j.cose.2010.11.003.
  • Breen, C., C. Herley, and E. M. Redmiles. 2022. “A Large-scale Measurement of Cybercrime Against Individuals.” In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems, 1–41.
  • Carr, M. 2016. “Public–Private Partnerships in National Cyber-security Strategies.” International Affairs 92 (1): 43–62. https://doi.org/10.1111/1468-2346.12504.
  • Chesney, B., and D. Citron. 2019. “Deep Fakes: A Looming Challenge for Privacy, Democracy, and National Security.” California Law Review 107:1753.
  • Cisco. 2021. Security Outcomes Study, Vol. 1. Accessed 6 June 2023. https://www.cisco.com/products/security/security-outcomes-report-vol-1.html.
  • Coalition. 2023. 2023 Cyber Claims Report. Accessed 6 June 2023. https://info.coalitioninc.com/download-2023-cyber-claims-report.html.
  • Cormack, Andrew, and Éireann Leverett. 2023. “Patchy Incentives: Using Law to Encourage Effective Vulnerability Response.” Journal of Cyber Policy 8 (1): 88–113. https://doi.org/10.1080/23738871.2023.2284233.
  • DeKoven, L. F., A. Randall, A. Mirian, G. Akiwate, A. Blume, L. K. Saul, A. Schulman, G. M. Voelker, and S. Savage. 2019. “Measuring Security Practices and how They Impact Security.” In Proceedings of the Internet Measurement Conference, 36–49. ACM.
  • Dinkova, M., R. El-Dardiry, and B. Overvest. 2020. “Cyber Incidents, Security Measures and Financial Returns: Empirical Evidence from Dutch Firms.” In Workshop on the Economics of Information Security.
  • Doerfler, P., K. Thomas, M. Marincenko, J. Ranieri, Y. Jiang, A. Moscicki, and D. McCoy. 2019. “Evaluating Login Challenges as a Defense Against Account Takeover.” The World Wide Web Conference, 372–382. https://doi.org/10.1145/3308558.3313481.
  • Edwards, B., J. Jacobs, and S. Forrest. 2019. “Risky Business: Assessing Security with External Measurements.” arXiv. http://arxiv.org/abs/1904.11052.
  • Eling, M., M. McShane, and T. Nguyen. 2021. “Cyber Risk Management: History and Future Research Directions.” Risk Management and Insurance Review 24 (1): 93–125. https://doi.org/10.1111/rmir.12169.
  • Falco, G., M. Eling, D. Jablanski, M. Weber, V. Miller, L. A. Gordon, S. S. Wang, et al. 2019. “Cyber Risk Research Impeded by Disciplinary Barriers.” Science 366 (6469): 1066–1069. https://doi.org/10.1126/science.aaz4795.
  • GallagherRe. 2022. “External Scanning for Insurance.” Accessed 6 June 2023. https://www.actuaries.org.uk/system/files/field/document/B1.
  • Gandal, N., T. Moore, M. Riordan, and N. Barnir. 2023. “Empirically Evaluating the Effect of Security Precautions on Cyber Incidents.” Computers and Security 103380.
  • Gollmann, D., C. Herley, V. Koenig, W. Pieters, and M. A. Sasse. 2015. “Socio-technical Security Metrics.” (Dagstuhl seminar 14491). Dagstuhl Reports 4 (12): 28.
  • Herley, C., and P. C. Van Oorschot. 2017. “SoK: Science, Security and the Elusive Goal of Security as a Scientific Pursuit.” In Proceedings of the Symposium on Security and Privacy, 99–120. IEEE.
  • IBM. 2023. “Cost of a Data Breach Report.” Accessed 27 February 2023. https://www.ibm.com/reports/data-breach.
  • Jacobs, J., S. Romanosky, B. Edwards, I. Adjerid, and M. Roytman. 2021. “Exploit Prediction Scoring System (EPSS).” Digital Threats: Research and Practice 2 (3): 1–17. https://doi.org/10.1145/3436242.
  • Jensen, J., and F. Paine. 2023. “Municipal Cyber Risk.” Workshop on the Economics of Information Security.
  • Laube, S., and R. Böhme. 2016. “The Economics of Mandatory Security Breach Reporting to Authorities.” Journal of Cybersecurity 2 (1): 29–41. https://doi.org/10.1093/cybsec/tyw002.
  • Marsh. 2023. “Using Data to Prioritize Cybersecurity Investments.” Accessed 6 June 2023. https://www.marsh.com/us/services/cyber-risk/insights/using-cybersecurity-analytics-to-prioritize-cybersecurity-investments.html.
  • Meyer, L. A., S. Romero, G. Bertoli, T. Burt, A. Weinert, and J. L. Ferres. 2023. “How Effective is Multifactor Authentication at Deterring Cyberattacks?” arXiv preprint arXiv:2305.00945.
  • Moore, T. 2010. “The Economics of Cybersecurity: Principles and Policy Options.” International Journal of Critical Infrastructure Protection 3 (3–4): 103–117. https://doi.org/10.1016/j.ijcip.2010.10.002.
  • Moore, T. W., C. W. Probst, K. Rannenberg, and M. van Eeten. 2017. “Assessing ICT Security Risks in Socio-technical Systems.” (Dagstuhl Seminar 16461). Dagstuhl Reports 6 (11): 63–89.
  • Nagle, F., S. Ransbotham, and G. Westerman. 2017. “The Effects of Security Management on Security Events.” In Workshop on the Economics of Information Security.
  • Office, J. P. 2010. Science of Cyber-security (JASON report jsr-10-102). http://fas.org/irp/agency/dod/jason/cyber.pdf.
  • Pfleeger, S. L. 2012. “Security Measurement Steps, Missteps, and Next Steps.” IEEE Security and Privacy 10 (4): 5–9. https://doi.org/10.1109/MSP.2012.106.
  • Rashid, A., G. Danezis, H. Chivers, E. Lupu, A. Martin, M. Lewis, and C. Peersman. 2018. “Scoping the Cyber Security Body of Knowledge.” IEEE Security and Privacy 16 (3): 96–102. https://doi.org/10.1109/MSP.2018.2701150.
  • Reep-van den Bergh, C. M., and M. Junger. 2018. “Victims of Cybercrime in Europe: A Review of Victim Surveys.” Crime Science 7 (1): 1–15. https://doi.org/10.1186/s40163-018-0079-3.
  • Rege, A., and R. Bleiman. 2020. “Ransomware Attacks against Critical Infrastructure.” In Proceedings of the 20th European Conference on Cyber Warfare Security, 324.
  • Ryan, D. J., and C. Heckman. 2003. “Two Views on Security Software Liability. Let the Legal System Decide.” IEEE Security and Privacy 1 (1): 70–72. https://doi.org/10.1109/MSECP.2003.1176999.
  • Schlackl, F., N. Link, and H. Hoehle. 2022. “Antecedents and Consequences of Data Breaches: A Systematic Review.” Information and Management 59 (4): 103638. https://doi.org/10.1016/j.im.2022.103638.
  • Schneier, B. 2000. “The Process of Security.” Information Security 3 (4): 32–38.
  • SecurityScorecard and Marsh. 2022. “Reduce Cyber Risk with the Predictive Power of Security Ratings.” Accessed 6 June 2023. https://resources.securityscorecard.com/cyber-insurance/reduce-cyber-risk-marsh-mclennanpage=1.
  • Shackelford, S., A. Boustead, and C. Makridis. 2023. “Defining ‘Reasonable’ Cybersecurity: Lessons from the States.” Yale Journal of Law and Tech 25 (86): 86–143.
  • Spanos, G., and L. Angelis. 2016. “The Impact of Information Security Events to the Stock Market: A Systematic Literature Review.” Computers and Security 58:216–229. https://doi.org/10.1016/j.cose.2015.12.006.
  • Spring, J., E. Hatleback, A. Householder, A. Manion, and D. Shick. 2021. “Time to Change the CVSS?” IEEE Security and Privacy 19 (2): 74–78. https://doi.org/10.1109/MSEC.2020.3044475.
  • Spring, J. M., T. Moore, and D. Pym. 2017. “Practicing a Science of Security: A Philosophy of Science Perspective.” In Proceedings of the 2017 New Security Paradigms Workshop, 1–18.
  • Sridhar, K., A. Householder, J. Spring, and D. W. Woods. 2021. “Cybersecurity Information Sharing: Analysing an Email Corpus of Coordinated Vulnerability Disclosure.” In The 20th Annual Workshop on the Economics of Information Security.
  • Such, J. M., P. Ciholas, A. Rashid, J. Vidler, and T. Seabrook. 2019. “Basic Cyber Hygiene: Does it Work?” Computer 52 (4): 21–31. https://doi.org/10.1109/MC.2018.2888766.
  • Tajalizadehkhoob, S., T. Van Goethem, M. Korczynski, A. Noroozian, R. Böhme, T. Moore, W. Joosen, and M. van Eeten. 2017. “Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting.” In Proceedings of the Conference on Computer and Communications Security, 553–567. ACM.
  • Woods, D. W., and R. Böhme. 2021, May. “SoK: Quantifying Cyber Risk.” In IEEE Symposium on Security and Privacy, 909–926. Oakland, CA.
  • Woods, D. W., and A. C. Simpson. 2017. “Policy Measures and Cyber Insurance: A Framework.” Journal of Cyber Policy 2 (2): 209–226. https://doi.org/10.1080/23738871.2017.1360927.