All times are Brussels time (UTC+1 at the time of the conference).

Each talk is 10 minutes, with 5 minutes for immediate clarification questions.

Each session ends with a 15-minute plenary discussion for all three papers.

Videoconferencing links will be communicated to the registered parties.

Day 1: Monday December 14, 2020

14:00 General Remarks

14:10 Session 1: Vulnerabilities, Risks, and Breaches

Session chair: Bryan Routledge

14:10 Prioritizing Vulnerability Response: a Stakeholder-Specific Vulnerability Categorization
Jonathan Spring, Allen Householder, Art Manion, Eric Hatleback (CERT/CC, Software Engineering Institute, Carnegie Mellon University), Deana Shick (Rockwell)

14:25 Underlying and Consequential Costs of Cyber Security Breaches: Changes in Systematic Risk
Dennis D. Malliouris, Andrew Simpson (University of Oxford)

14:40 Cybersecurity Investments and the Cost of Capital
Taha Havakhor (Temple University), Mohammad Rahman (Purdue University), Tianjian Zhang (Oklahoma State University)

14:55 Discussion

15:10 Virtual Coffee Break

Participants will be randomly assigned virtual breakout rooms, where they can chat and socialize with other participants.

15:30 Session 2: Firms and Investments

Session chair: Kévin Huguenin

15:30 Cyber incidents, security measures and financial returns: Empirical evidence for Dutch firms
Milena Dinkova, Ramy El-Dardiry, Bastiaan Overvest (CPB Netherlands Bureau for Economic Policy Analysis)

15:45 Can Insider Trades Reliably Predict Cybersecurity Hazards in Public Firms?
Taha Havakhor (Temple University), Obi Ogbanufe (Oklahoma State University), Anthony Vance (Temple University)

16:00 Provider Output and Downstream Firms’ Service Tier Choice
Hooman Hidaji (University of Calgary), Lisa Yeo (University of California, Merced)

16:15 Discussion

16:30 Virtual Coffee Break

17:00 Panel (TBA)

18:00 Adjourn

Day 2: Tuesday December 15, 2020

14:00 Session 4: Measurements & Case Studies

Session chair: Alice Hutchings

14:00 Cybercrime is (often) boring: maintaining the infrastructure of cybercrime economies
Ben Collier, Richard Clayton, Alice Hutchings (University of Cambridge), Daniel Thomas (University of Strathclyde)

14:15 SAVing the Internet: Explaining the Adoption of Source Address Validation by Internet Service Providers
Qasim Lone (TU Delft), Maciej Korczyński (Univ. Grenoble Alpes), Carlos H. Gañán (TU Delft), Michel van Eeten (TU Delft)

14:30 The Impact of the GDPR on Content Providers
Vincent Lefrere (Institut Mines-Télécom), Logan Warberg (Carnegie Mellon University), Cristobal Cheyre (Cornell University), Veronica Marotta (University of Minnesota Twin Cities), Alessandro Acquisti (Carnegie Mellon University)

14:45 Discussion

15:00 Virtual Coffee Break

15:30 Session 5: Models

Session chair: Bruce Schneier

15:30 An Economic Model for Quantum-Key Recovery Attacks
Ben Harsha, Jeremiah Blocki (Purdue University)

15:45 Security-Induced Lock-In in the Cloud
Daniel Arce (UT Dallas)

16:00 The Commodification of Consent
Daniel Woods, Rainer Böhme (University of Innsbruck)

16:15 Discussion

16:30 Virtual Coffee Break

17:00 Session 6: Behavioral Aspects

Session chair: Rainer Böhme

17:00 The Use of Autonomous Decision Systems
Robin Dillon-Merrill (Georgetown), Peter Madsen (BYU), Bart Roets (INFRABEL), Taylan Topcu, Kostas Triantis (Virginia Tech)

17:15 Understanding the Knowledge Gap: How Security Awareness Influences the Adoption of Industrial IoT
Verena Schrama, Carlos H. Gañán, Doris Aschenbrenner, Mark de Reuver (TU Delft), Kevin Borgolte (Princeton University), Tobias Fiebig (TU Delft)

17:30 A Qualitative Model of Older Adults’ Contextual Decision-Making About Information Sharing
Alisa Frik, Julia Bernd (International Computer Science Institute, UC Berkeley), Serge Egelman (International Computer Science Institute, UC Berkeley)

17:45 Discussion

18:00 Adjourn