Who is next?: Identifying characteristics of European banks that are key in influencing the target selection of banking malware.

The European financial sector is a frequent victim of banking malware leading to massive losses. It appears that not all customers’ banks are equally attractive targets among cybercriminals who deploy banking malware. This research established a comprehensive regression model explaining why certain banks are more attractive to cybercriminals....

The relation between the organizational information security climate and employees’ information security behavior

Employees are often referred to as the main cause of cyber security incidents in organizations. These incidents can lead to huge company risks and enormous losses. Therefore insight in how organizations can improve employees’ information security behavior is important, realizing that technical measures alone cannot reduce all security risks....

Analysing the impact of cyber insurance on the cyber security ecosystem: Utilising agent-based modelling to explore the effects of insurance policies

Cyberattacks are a constant threat to organisations worldwide. The uncertainty and difficulty of properly conducting cyber risk management processes do not make it easier for organisations to cope with cyberattacks. Cyber insurance can be a partial solution to the dilemma that organisations face. However, it has not seen the expected growth...

Drivers and impediments for cyber insurance adoption among Dutch SMEs

Cyber security is getting more attention in the last decades. Unfortunately, the 100% cyber security protection is impractical and impossible, and therefore, we need to consider other cyber risk management strategies. One of them is cyber insurance, but its adoption has been slow in Europe and even more among SMEs. This thesis presents a...

Private and public information disclosure to improve cybersecurity: A field experiment to incentivise compliance with anti-spoofing best practices

Exploring effective notification mechanisms for infected IoT devices

Many Internet of Things (IoT) devices that are currently on the market lack security and therefore many of them got infected with malware to launch powerful distributed denial of service (DDoS) attacks. Notifications from Internet Service Providers (ISPs) to their customers play a crucial role in the fight to clean up the malware infected IoT...

Towards the Adoption of EU General Data Protection Regulation: An Empirical Study of Businesses’ Perception on Privacy and Data Protection

The EU General Data Protection Regulation (EU GDPR) is about to come in force in May 2018. It poses new queries for both policymakers and businesses. Policymakers want o know how effective the new EU GDPR will be while the businesses would like to know how the EU GDPR should be implemented. To answer that question, empirical studies on how...