Welcome to the ARIA 2021 Annual Meeting Agenda App. You are seeing this in simple view. Click on any session to see Presenters, Discussants and a Session Description. Click on Presenters to find a single presenter and their sessions. If you find an error, please email gphillips@aria.org. Registrants have been added and will continue to be updated until 7/29/21 when registration closes. Zoom links will be shared directly with all participants two days prior to the conference. Please make notifications@sched.com a "safe sender" in your email system. We will be sending messages throughout the conference through this medium.
Madhu Acharyya, Glasgow Caledonian University, London; John Houston, University of Stirling
In this paper we propose a game-theoretic cybercrime model and test the management of cybercrime risk by Organizations. We apply the concept of expected utility theory to explain the behaviour of hackers and defensive decision-making by the managers in the presence of risk and uncertainty. It is evident that in many occasions the hackers are bound to be at least partially successful and the risk mitigation through technological solutions alone cannot eliminate cyber risk completely. This is because the hackers hold superior knowledge and skill on modern technology and sophisticated skill than the Organisations’ managers. The hackers are always able to develop alternative ways to hack the online systems whatever sophisticated technology is used to mitigate cyber risk. Moreover, the Organisations often operate under practical constraints (either economic, e.g., budget or control/governance) to manage their cyber-risk exposures. Furthermore, the technological solutions are temporary as hackers change their positions, strategy and techniques very frequently making management of cyber risk even harder for the Organisations. Consequently, it is important to analysis the hacker motivations and operational strategy of the hackers from the perspective of behavioural economics.