Accepted Papers


  • Information Frictions and Heterogeneity in Valuations of Personal Data. Avinash Collis (University of Texas at Austin), Alex Moehring (MIT), Ananya Sen (Carnegie Mellon University), Alessandro Acquisti (Carnegie Mellon University)
  • Contagion or competitive effects?: Lenders’ response to peer firm cyberattacks. Amy Sheneman (The Ohio State University)
  • Extracting Godl [sic] from the Salt Mines: Ethereum Miners Extracting Value. Julien Piet (UC Berkeley), Jaiden Fairoze (UC Berkeley), Nicholas Weaver (UC Berkeley and ICSI)
  • Reducing Attack Surface by Learning Adversarial Bag of Tricks. William Casey (USNA), J Goohs (US Navy)
  • Empirically Evaluating the Effect of Cybersecurity Precautions on Incidents in Israeli Enterprises. Neil Gandal (Tel Aviv University and CEPR), Tyler Moore (University of Tulsa), Michael Riordan (Columbia University), Noa Barnir (Tel Aviv University)
  • Pricing Security in Proof-of-Work Systems. George Bissias (University of Massachusetts Amherst), Rainer Böhme (University of Innsbruck), David Thibodeau (University of Massachusetts Amherst), Brian Neil Levine (University of Massachusetts Amherst)
  • Characterising 0-Day Exploit Brokers. Daniel W Woods (University of Innsbruck), Matthias Dellago (University of Innsbruck), Andrew Simpson (University of Oxford)
  • Modelling Ransomware Attacks using POMDPs. Henry Skeoch (University College London)
  • A “sophisticated attack”? Innovation, technical sophistication, and creativity in the cybercrime ecosystem. Richard Clayton (University of Cambridge), Ben Collier (University of Edinburgh)
  • Exploring the role of data enclosure in the digital political economy. Brenden Kuerbis (Georgia Institute of Technology), Milton Mueller (Georgia Institute of Technology)
  • Efficient Collective Action for Tackling Time-Critical Cybersecurity Threats. Sébastien Gillard (Department of Defense Economics, Military Academy at ETH Zurich), Dimitri Percia David (Information Science Institute, University of Geneva), Alain Mermoud (Cyber-Defence Campus, armasuisse Science and Technology), Thomas Maillart (Information Science Institute, University of Geneva)
  • Treating the Symptoms or the Cause? Talent Acquisition in Response to Data Breaches. Sarah Bana (Stanford), Erik Brynjolfsson (Stanford), Wang Jin (MIT), Sebastian Steffen (MIT), Xiupeng Wang (Skidmore)
  • Prior Fraud Exposure and Precautionary Credit Market Behavior. Ying Lei Toh (Federal Reserve Bank of Kansas City), Nathan Blascak (Federal Reserve Bank of Philadelphia)
  • Breaking the Stablecoin Buck: Measuring the Impact of Security Breach and Liquidation Shocks. Andrew Morin (The University of Tulsa), Tyler Moore (The University of Tulsa), Eric Olson (The University of Tulsa)
  • Impact of App Privacy Label Disclosure on Demand: An Empirical Analysis. Rahul Telang (Carnegie Mellon University), Rajiv Garg (Emory University)
  • No research, no risk? An empirical study of determinants of information leakage attacks. Oleh Stupak (University of Oxford, Oxford Internet Institure)

Note that we are also pleased to announce an invited panel on “The present and future state of cyber-insurance: research and practice”, featuring Scott Stransky, Managing Director, Head of the Cyber Risk Analytics Center at Marsh McLennan, and Erin Kenneally, Global Director, Cyber Insurance at SentinelOne.