CYBECO will research, develop, demonstrate, evaluate and exploit a new framework for managing cybersecurity risks, one that is focusing on cyberinsurance, as key risk management treatment. CYBECO integrates multidisciplinary research methods from Behavioural Economics, Statistics, Game and Decision Theory, Security Engineering and Behavioral Psychology in order to develop new concepts and models that are combined within a prototype software architecture (CYBECO Toolbox 2.0). CYBECO recognizes that the cyberinsurance domain is not adequately developed, partly due to the lack of sufficiently large statistical data sample and partly due to the difficulties customers face when deciding on their cyberinsurance investment options. CYBECO will address both these barriers, aiming at delivering advances clearly positioned beyond the State-of-the-Art. We plan to implement a prototype tool that will demonstrate and promote the CYBECO model and concepts. We then foresee to perform behavioural experiments to validate current institutional cybersecurity frameworks and to provide relevant policy insights, particularly in reference to behavioural nudges in cybersecurity. The CYBECO consortium is composed by complementary partners, coming from the addressed research, technological and market domains, that have a proven track record of high quality research capacity. Thus, the carefully structured workplan, embodies a holistic approach towards meeting the CYBECO objectives and delivering market-relevant outcomes of significant exploitation potential.

Author: James Nicholson

James is a Lecturer in the School of Computer and Information Sciences. James is interested in many aspects of cybersecurity and privacy, including usable security, social engineering, lay users’ understanding of cybersecurity, multifactor authentication, everyday surveillance, and inclusive cybersecurity. Previously, James was a senior researcher in PaCT Lab working on the Cybersecurity Across the Lifespan (cSALSA) project. The project explores how cyber-security is understood, and the attitudes and behaviours of people to cyber-security and risk. During his time in PaCT Lab, James also worked on Choice Architecture for Information Security (ChAISe), Digital Economy Research Centre (DERC), and the Horizon 2020 project CYBECO. Prior to PaCT Lab, James worked at Open Lab, Newcastle University on the TEDDI and SiDE projects. James’ work has focused on improving user authentication, both by repurposing existing graphical authentication systems and by evaluating novel ones. He is also interested in user privacy and how groups of users (children, parents, older adults) experience location tracking technologies, as well as how CCTV video can be crowdsourced to de-centralise the surveillance landscape. More recently, he has developed tools and methodologies for uncovering and understanding employees’ mental models of security threats with the aim of improving training programmes and/or organisational policies, as well as practical means for improving users’ protection against these security threats (e.g. phishing). James obtained his BSc (Information Systems) from Newcastle University in 2008, and his MRes Psychology from Northumbria University in 2009. James’ PhD work – completed in 2012 – explored user authentication in the context of older adults under the supervision of Professor Lynne Coventry and Professor Pam Briggs.