Accepted Papers

Attackers and Defenders in Cybersecurity and their Optimal Investment Decisions. Austin Ebel (New York University), Debasis Mitra (Columbia University).
A Theory of Open Source Security: The Spillover of Security Knowledge in Vulnerability Disclosures through Software Supply Chains. Yu-Kai Lin (Georgia State University), Weifeng Li (University of Georgia).
Argot as a Trust Signal: Slang, Jargon & Reputation on a Large Cybercrime Forum. Jack Hughes (University of Cambridge), Andrew Caines (University of Cambridge), Alice Hutchings (University of Cambridge).
Birds of a Feather? A Comparative Analysis of DDoS Victimisation by IoT Botnet and Amplification Attacks. Swaathi Vetrivel (Delft University of Technology), Arman Noroozian (University of Amsterdam), Daisuke Makita (Yokohama National University), Katsunari Yoshioka (Yokohama National University), Michel van Eeten (Delft University of Technology), Carlos H. Gañán (Delft University of Technology).
Cyberattacks, Media Coverage and Municipal Finance. Lefteris Andreadis (Cyprus University of Technology), Elena Kalotychou (Cyprus University of Technology), Christodoulos Louca (Cyprus University of Technology), Christian Lundblad (University of North Carolina, Chapel Hill), Christos Makridis (Stanford University).
Does Decomposing Losses Improve Our Understanding of the Financial Impact of Data Breaches? Justin Theriot (RiskLens), Benjamin Gowan (RiskLens).
Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights. Jay Jacobs (Cyentia), Sasha Romanosky (RAND Corporation), Octavian Suciu (University of Maryland), Ben Edwards (Cyentia Institute), Armin Sarabi (University of Michigan).
Interdependent Security Games in the Stackelberg Style: How First-Mover Advantage Impacts Free-Riding and Security (Under-)Investment. Ziyuan Huang (University of Michigan, Ann Arbor), Parinaz Naghizadeh (The Ohio State University), Mingyan Liu (University of Michigan, Ann Arbor).
M&A Effect on Data Breaches in Hospitals: 2010-2022. Nan Clement (University of Texas at Dallas).
Municipal Cyber Risk. Jonathan Jensen (Massachusetts Institute of Technology), Fiona Paine (Massachusetts Institute of Technology).
Secure and Efficient Networks. Oleh Stupak (University of Cambridge).
The Potential of Self-Regulation for Front-Running Prevention on DEXes. Lioba Heimbach (ETH Zurich), Eric Schertenleib (ETH Zurich), Roger Wattenhofer (ETH Zurich).
Time Dynamics of Cyber Risk. Dingchen Ning (University of St. Gallen), Martin Eling (University of St.Gallen), Rustam Ibragimov (Imperial College London).
Trade-offs in Automating Platform Regulatory Compliance By Algorithm: Evidence from the COVID-19 Pandemic. Grazia Cecere (Institut Mines Telecom, Business School), Clara Jean (Grenoble Ecole de Management), Vincent Lefrere (Institut Mines Telecom, Business School), Catherine Tucker (MIT Sloan School of Management and NBER).
You Can Tell a Cybercriminal by the Company they Keep: A Framework to Infer the Relevance of Underground Communities to the Threat Landscape. Michele Campobasso (Eindhoven University of Technology), Radu Rădulescu (Eindhoven University of Technology), Sylvan Brons (Eindhoven University of Technology), Luca Allodi (Eindhoven University of Technology).

The 22nd Workshop on the Economics of Information Security (Geneva, Switzerland)

The 22nd Workshop on the Economics of Information Security (Geneva, Switzerland)