{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:33:25Z","timestamp":1759091605259,"version":"3.37.3"},"reference-count":28,"publisher":"Oxford University Press (OUP)","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Cyber Secur"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1093\/cybsec\/tyw008","type":"journal-article","created":{"date-parts":[[2016,12,24]],"date-time":"2016-12-24T04:07:03Z","timestamp":1482552423000},"page":"43-56","source":"Crossref","is-referenced-by-count":14,"title":["Policy, statistics and questions: Reflections on UK cyber security disclosures"],"prefix":"10.1093","volume":"2","author":[{"given":"Chad D.","family":"Heitzenrater","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew C.","family":"Simpson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2016,12,22]]},"reference":[{"key":"2016123008051118000_2.1.43.1","unstructured":"Rue R Pleeger SL Ortiz D. A framework for classifying and comparing models of cyber security investment to support policy and decision-making. In: Proceedings of the 6th Annual Workshop on the Economics of Information Security (WEIS 2007). http:\/\/www.econinfosec.org\/archive\/weis2007\/papers\/76.pdf"},{"key":"2016123008051118000_2.1.43.2","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1007\/s11149-006-9011-y","article-title":"The potential for underinvestment in internet security: implications for regulatory policy","volume":"31","author":"Garcia","year":"2007","journal-title":"J Regul Econ"},{"key":"2016123008051118000_2.1.43.3","unstructured":"Anderson R Barton C B\u00f6hme R , . Measuring the cost of cybercrime. In: Proceedings of the Workshop of Economics and Information Security (WEIS 2012). 2012. http:\/\/www.econinfosec.org\/archive\/weis2012\/papers\/Anderson_WEIS2012_old.pdf"},{"key":"2016123008051118000_2.1.43.4","doi-asserted-by":"crossref","unstructured":"Thomas RC Antkiewicz M Florer P , . How bad is it? \u2014 a branching activity model to estimate the impact of information security breaches. In: Proceedings of the 12th Workshop on the Economics of Information Security (WEIS 2013). 2013. http:\/\/dx.doi.org\/10.2139\/ssrn.2233075 or http:\/\/www.econinfosec.org\/archive\/weis2013\/papers\/ThomasWEIS2013.pdf","DOI":"10.2139\/ssrn.2233075"},{"key":"2016123008051118000_2.1.43.5","unstructured":"Moore T Anderson R. Economics and internet security: a survey of recent analytical, empirical and behavioral research. Technical Report TR-03-11, Computer Science Group, Harvard University (2011)"},{"key":"2016123008051118000_2.1.43.6","unstructured":"Department for Business, Innovation & Skills: Information security breaches survey 2015. https:\/\/www.gov.uk\/government\/publications\/information-security-breaches-survey-2015 (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.7","unstructured":"Department for Business, Innovation and Skills: Cyber essentials scheme: overview. https:\/\/www.gov.uk\/government\/publications\/cyber-essentials-scheme-overview (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.8","doi-asserted-by":"crossref","unstructured":"Anderson R B\u00f6hme R Clayton R , . Security economics and European policy. In: Proceedings of the 7th Annual Workshop on the Economics of Information Security (WEIS 2008). 2008. http:\/\/www.econinfosec.org\/archive\/weis2008\/papers\/MooreSecurity.pdf","DOI":"10.1007\/978-0-387-09762-6_3"},{"key":"2016123008051118000_2.1.43.9","unstructured":"Department for Business, Innovation and Skills: Information security breaches survey 2014. https:\/\/www.gov.uk\/government\/publications\/information-security-breaches-survey-2014 (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.10","unstructured":"Department for Business, Innovation and Skills: Information security breaches survey 2013. https:\/\/www.gov.uk\/government\/publications\/information-security-breaches-survey-2013-technical-report (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.11","unstructured":"Department for Business, Innovation and Skills: Information security breaches survey 2012. http:\/\/www.pwc.co.uk\/audit-assurance\/publications\/uk-information-security-breaches-survey-results-2012.jhtml (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.12","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio D Herley C. Sex, lies and cyber-crime surveys. In: Economics of Information Security and Privacy III. New York: Springer, 2013, 35\u201353","DOI":"10.1007\/978-1-4614-1981-5_3"},{"key":"2016123008051118000_2.1.43.13","unstructured":"Moore T. Managing security investment part II. http:\/\/lyle.smu.edu\/tylerm\/courses\/econsec\/f12\/slides\/secinv2-handout.pdf (6 February 2015, date last accessed)"},{"key":"2016123008051118000_2.1.43.14","doi-asserted-by":"crossref","unstructured":"Brecht M Nowey T. A closer look at information security costs. In: B\u00f6hme R (ed.), The Economics of Information Security and Privacy. Berlin Heidelberg, Germany: Springer, 2013, 3\u201324.","DOI":"10.1007\/978-3-642-39498-0_1"},{"key":"2016123008051118000_2.1.43.15","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"},{"key":"2016123008051118000_2.1.43.16","unstructured":"Imperva Application Defense Center: Hacker intelligence initiative, monthly trend report #14. http:\/\/www.imperva.com\/docs\/HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.17","unstructured":"Greenberg A. Study finds Microsoft\u2019s free antivirus as effective as Symantec\u2019s Norton. http:\/\/www.forbes.com\/sites\/andygreenberg\/2010\/10\/19\/study-finds-microsofts-free-antivirus-as-effective-as-symantecs-norton\/."},{"key":"2016123008051118000_2.1.43.18","unstructured":"Chai B. Firewalls, only 60 per cent effective against malware. http:\/\/www.itproportal.com\/2011\/04\/19\/firewalls-only-60-cent-effective-against-malware\/ (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.19","unstructured":"K\u00fchrer M Rossow C Holz T. Paint it black: evaluating the effectiveness of malware blacklists. In: Stavrou, A, Bos, H, Portokalidis, G (eds.), Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2014). Volume 8688 of Lecture Notes in Computer Science. Cham, Switzerland: Springer, 2014, 1\u201314."},{"key":"2016123008051118000_2.1.43.20","unstructured":"Ms. Smith: Patching Windows is a major time sink for IT departments. http:\/\/www.networkworld.com\/article\/2229227\/microsoft-subnet\/patching-windows-is-a-major-time-sink-for-it-departments.html (16 August 2016, date last accessed)"},{"key":"2016123008051118000_2.1.43.21","doi-asserted-by":"crossref","unstructured":"Hulth\u00e9n R. Communicating the economic value of security investments: value at security risk. In: Johnson ME , (ed.), Managing Information Risk and the Economics of Security. New York, NY: Springer, 2009, 121\u201340.","DOI":"10.1007\/978-0-387-09762-6_6"},{"key":"2016123008051118000_2.1.43.22","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1109\/MSP.2004.55","article-title":"Risk analysis in software design","volume":"2","author":"Verdon","year":"2004","journal-title":"IEEE Security & Privacy"},{"key":"2016123008051118000_2.1.43.23","unstructured":"[23] Soo Hoo KJ. How much is enough: a risk management approach to computer security. Ph.D. Thesis, Stanford University, Stanford, CA, USA, 2000."},{"key":"2016123008051118000_2.1.43.24","unstructured":"Xie N Mead N Chen P , . SQUARE project: cost\/benefit analysis framework for information security improvement projects in small companies. Technical Report CMU\/SEI-2004-TN-045, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (2004)"},{"key":"2016123008051118000_2.1.43.25","doi-asserted-by":"crossref","unstructured":"Verendel V. Quantified security is a weak hypothesis: a critical survey of results and assumptions. In: Proceedings of the 2009 Workshop on New Security Paradigms Workshop, ACM, 2009, 37\u201350.","DOI":"10.1145\/1719030.1719036"},{"key":"2016123008051118000_2.1.43.26","unstructured":"Herley C. Why do Nigerian scammers say they are from Nigeria? In: Proceedings of the 11th Annual Workshop on the Economics of Information Security (WEIS 2012). 2012. http:\/\/www.econinfosec.org\/archive\/weis2012\/papers\/Herley_WEIS2012.pdf"},{"key":"2016123008051118000_2.1.43.27","doi-asserted-by":"publisher","DOI":"10.1257\/00028280260136200"},{"key":"2016123008051118000_2.1.43.28","unstructured":"Ponemon Institute LLC: 2014 cost of data breach study: Global analysis. http:\/\/www-935.ibm.com\/services\/multimedia\/SEL03027USEN_Poneman_2014_Cost_of_Data_Breach_Study.pdf (16 August 2016, date last accessed)"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/2\/1\/43\/10833194\/tyw008.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,16]],"date-time":"2019-09-16T18:17:32Z","timestamp":1568657852000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-lookup\/doi\/10.1093\/cybsec\/tyw008"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12]]},"references-count":28,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2016,12,30]]},"published-print":{"date-parts":[[2016,12]]}},"alternative-id":["10.1093\/cybsec\/tyw008"],"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyw008","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"type":"print","value":"2057-2085"},{"type":"electronic","value":"2057-2093"}],"subject":[],"published":{"date-parts":[[2016,12]]}}}