About the Project
The project aims to develop a framework with supporting software tools to be used to analyse the behavioural co-evolution of cybersecurity and cybercrime ecosystems, and effectively influence behaviours of a range of actors in ecosystems in order to reduce human-related risks. Researchers and practitioners have acknowledged that human-related risks are among the most important factors in cybersecurity, e.g. an IBM report (2014) shows that over 95% of security incidents involved "human errors".
This project will involve a group of researchers working in five academic disciplines (Computer Science, Crime Science, Business, Engineering, Behavioural Science) at four UK research institutes, and be supported by an Advisory Board with 12 international/UK researchers and a Stakeholder Group formed by 12 non-academic partners (including LEAs, NGOs and industry).
- To develop a more comprehensive understanding of the key (co)evolutionary trajectories of human behaviours in cybersecurity and cybercrime ecosystems.
- To compile a knowledge base including evidential and theoretical information to assist solution designers and crime preventers to out-innovate adaptive cybersecurity offenders.
- To develop a cybercrime ontology with an internally-consistent glossary that can make the cybercrime knowledge base machine readable for automated processing.
- To produce a practical framework for reducing human-related cyber risks, which incorporates theoretical concepts and needed software tools for better user engagement via personalisation and contextualisation.
- To validate the developed framework in selected real-world use cases.
How ACCEPT's aim will be achieved
(1) Be theory-informed: Incorporate theoretical concepts from social, evolutionary and behavioural sciences which provide insights into the co-evolutionary aspect of cybersecurity/cybercrime ecosystems.
(2) Be evidence-based: Draw on extensive real-world data from different sources on behaviours of individuals and organisations within cybersecurity/cybercrime ecosystems.
(3) Be user-centric: Develop a framework that can provide practical guidance to system designers on how to engage individual end users and organisations for reducing human-related cyber risks.
(4) Be real world-facing: Conduct user studies in real-world use cases to validate the framework's effectiveness. The new framework and solutions it identifies will contribute towards enhanced safety online for many different kinds of users, whether these are from government, industry, the research community or the general public.
WMG Research Team
Xiao Ma (Co-investigator, technical manager)