The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science.

Sunday, June 2, 2019

17:30-19:30 Welcome Reception: Russell House Tavern

Monday, June 3, 2019

8:00-9:00 Registration
Bruce Schneier, Sam Ransbotham
Keynote: Peter Swire Professor of Law, Georgia Institute of Technology
The Pedagogic Cybersecurity Framework and the Non-Code Aspects of Cybersecurity
9:40-10:55 Session: Advancing Research 

 Chair: Alessandro Acquisti

A Research Agenda for Cyber Risk and Cyber Insurance
(Gregory Falco, Martin Eling, Danielle Jablanski, Lawrence A. Gordon, Shaun Shuxun Wang, Joan Schmit, Russell Thomas, Mauro Elvedi, Thomas Maillart, Emy Donavan, Simon Dejung, Matthias Weber, Eric Durand, Franklin Nutter, Uzi Scheffer, Gil Arazi, Gilbert Ohana, and Herb Lin)
Valuing Cybersecurity Research Datasets
(Tyler Moore, Erin Kenneally, Michael Collett, and Prakash Thapa)
Measuring the Changing Cost of Cybercrime
(Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Carlos Ganan, Tom Grasso, Michael Levi, Marie Vasek, and Tyler Moore)
10:55-11:25 Break
11:25-12:40 Session: Mitigating Threat 

 Chair: Martin Loeb

The County Fair Cyber Loss Distribution: Drawing Inferences from Insurance Prices
(Daniel Woods, Tyler Moore, and Andrew Simpson)
The Stock Market Impact of Information Security Investments: The Case of Security Standards
(Dennis D. Malliouris and Andrew C. Simpson)
Exponential Discounting in Security Games of Timing
(Jonathan Merlevede, Benjamin Johnson, Jens Grossklags, and Tom Holvoet)
12:40-13:55 Lunch
13:55-15:10 Session: Reducing Externalities 

 Chair: Dmitry Zhdanov

Economics of Ransomware Attacks
(Terrence August, Duy Dao, and Marius Florin Niculescu)
Cybersecurity and Platform Competition
(Daniel Arce)
Improving Vulnerability Remediation Through Better Exploit Prediction
(Jay Jacobs, Sasha Romanosky, Idris Adjerid, and Wade Baker)
15:10-15:40 Break
15:40-16:55 Session: Short Papers 

 Chair: Sasha Romanosky

Bug Bounty Programs, Security Investment and Law Enforcement: A Security Game Perspective
(Jiali Zhou and Kai-Lung Hui)
Identifying the Arbitrageurs on Mt. Gox: First Evidence from the Leaked Dataset
(Pietro Saggese and Rainer Böhme)
Does Sharing Make My Data More Insecure? An Empirical Study on Health Information Exchange and Data Breaches
(Leting Zhang, Min-Seok Pang, and Sunil Wattal)
Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities
(Sadegh Farhang, Mehmet Bahadir Kirdan, Aron Laszka, and Jens Grossklags)
16:55-17:05 Announcements
17:05-18:05 Steering Committee meeting
18:30-22:00 Dinner: Kirkland Tap & Trotter

Tuesday, June 4, 2019

8:30-9:00 Registration
9:00-9:10 Announcements
9:10-10:50 Session: Securing Currency 

 Chair: Rainer Böhme

Why Bitcoin will Fail to Scale
(Nikhil Malik, Manmohan Aseri, Param Vir Singh, and Kannan Srinivasan)
The Economics of Cryptocurrency Pump and Dump Schemes
(James Hamrick, Farhang Rouhi, Arghya Mukherjee, Amir Feder, Neil Gandal, Tyler Moore, and Marie Vasek)
A Deep Dive into Bitcoin Mining Pools: An Empirical Analysis of Mining Shares
(Matteo Romiti, Aljosha Judmayer, Alexei Zamyatin, and Bernhard Haslhofer)
Diversification Across Mining Pools: Optimal Mining Strategies under PoW
(Panagiotis Chatzigiannis, Foteini Baldimtsi, Igor Griva, and Jiasun Li)
10:50-11:20 Break
11:20-12:35 Session: Disclosing Problems 

 Chair: Frank Nagle

The Economic Cost of Cybersecurity Breaches: A Broad-Based Analysis
(Jacob Haislip, Kalin Kolev, Robert Pinsker, and Thomas Steffen)
Software Vulnerability Disclosure and Security Investment
(Arrah-Marie Jo)
Do Data Breach Disclosure Laws Increase Firms’ Investment in Securing Their Digital Infrastructure?
(Raviv Murciano-Goroff)
12:35-13:50 Lunch
13:50-15:30 Session: Notifying and Tracking 

 Chair: Jean Camp

Fixing HTTPS Misconfigurations at Scale: An Experiment with Security Notifications
(Eric Zeng, Frank Li, Emily Stark, Adrienne Porter Felt, and Parisa Tabriz)
Delaying Informed Consent: An Empirical Investigation of Mobile Apps’ Upgrade Decisions
(Raveesh Mayya and Siva Viswanathan)
The Impact of Ad-Blockers on Consumer Behavior: A Lab Experiment
(Alisa Frik, Amelia Haviland, and Alessandro Acquisti)
Online Tracking and Publishers’ Revenues: An Empirical Analysis
(Veronica Marotta, Vibhanshu Abhishek, and Alessandro Acquisti)
15:30-16:00 Break
16:00-16:55 Session: New Ideas 

 Chair: Tyler Moore

Rump Session:
Participants are invited to give 5 minute talks on new ideas, reflections on presented work, ongoing research, research published recently in other venues, or entertaining perspectives. To reserve a slot, please sign up with the Rump Session Chair ( during the conference.
16:55-17:05 Closing Remarks