CeDEx Seminar - Edward Cartwright (De Montfort University, Leicester)

Location
A40 Sir Clive Granger Building
Date(s)
Wednesday 5th December 2018 (14:00-15:00)
Description

Ransomware in the Lab: An experiment on cyber risk-taking

 

Abstract: Ransomware is relatively new form of cyber-attack in which a victim’s files are encrypted and a ransom is demanded for release of the key to decrypt the files. We develop a simple game-theoretical framework with which to study ransomware. In the first stage an individual can spend money to insure against cyber-attack. In the second stage the individual, if attacked, can spend resource to try and recover her files. We report the results of two experiments in which we evaluate attitudes to risk and compare a loss and gain frame. We observe considerable heterogeneity in behaviour with a large proportion of ‘back-up lovers’ who are risk averse and ‘ransom lovers’ who are risk taking. If the large amount of risk taking we observe was translated into real behaviour then individuals would be exposed to ‘dangerous’ levels of cyber risk. This is consistent with the general perception that cyber risks are under appreciated. While the gain-loss framing effect is in the direction predicted by prospect theory it is not large.

 


Centre for Decision Research and Experimental Economics

Sir Clive Granger Building
University of Nottingham
University Park
Nottingham, NG7 2RD

telephone: +44 (0)115 951 5458
Enquiries: jose.guinotsaporta@nottingham.ac.uk
Experiments: cedex@nottingham.ac.uk