Skip to main content Accessibility help
×
  1. Home
  2. Search

Refine search

Refine search

Access:
Content type:
Publication date:
Apply   From and To filters
Subject: Show more
Journals Show more
Publishers: Show more
Societies Show more
Series: Show more
Collections: Show more

Actions for selected content:

Select all | Deselect all
  • View selected items
  • Export citations
  • Download PDF (zip)
  • Save to Kindle
  • Save to Dropbox
  • Save to Google Drive

Save Search

You can save your searches here and later view and run them again in "My saved searches".

Please provide a title, maximum of 40 characters.
Cancel
×

7 results

  • From ransoms to ruin: Are extortion payments by ransomware victims insurable?

  • Divya Ramjee, Eireann Leverett
  • Journal:
    Data & Policy / Volume 7 / 2025
    Published online by Cambridge University Press:
    26 November 2025, e80
    • Article
      • You have access
      • Open access
    • PDF
    • HTML
    • Export citation

  • Cyber risk is an important consideration in today’s risk management and insurance industries. However, the statistical features of cyber risk, including concerns of solvency for cyber insurance providers, are still emerging. This study investigates the dynamics of ransomware severity, specifically focusing on different statistical dimensions of extortion payments from ransomware attacks across various ransomware strains and/or variants. Our results indicate that extortion payments are not identically distributed across ransomware strains/variants, and thus violate necessary assumptions for solvency determinations using classical ruin theory. These findings emphasize the importance of re-examining these assumptions under empirical data and implementing dynamic cyber risk modelling for portfolio losses from extortion payments from ransomware attacks. Additionally, such findings suggest that removing coverage for extortion payments from insurance policies may protect cyber insurance firms from insolvency, as well as create a potential deterrence effect against ransomware threat actors due to lack of extortion payment from victims. Our work has implications for insurance regulators, policymakers, and national security advisors focused on the financial impact of extortion payments from ransomware attacks.

  • 4 - Zero Tolerance

  • Anton Moiseienko, Australian National University, Canberra
  • Book:
    Doing Business with Criminals
    Published online:
    09 June 2025
    Print publication:
    31 July 2025, pp 158-198

  • Summary

    This chapter focuses on two other key elements of the global financial crime regime beyond AML rules, namely CTF and targeted financial sanctions, and the challenges that they present. In particular, it discusses the shift from excluding criminal funds towards excluding specified persons themselves – be that designated terrorists or otherwise sanctioned persons – from the legitimate economy. The chapter first discusses the history of CTF measures and targeted sanctions. Then, it considers the challenges presented by targeted exclusion, which arise in the context of CTF as well as being inherent to the operation of targeted financial sanctions. Finally, the chapter parses out the difficult case of coerced payments, including criminal ransoms, terrorist ransoms and ransomware payouts.

  • 1 - Before the Invasion

  • Christine Abely, New England Law, Boston
  • Book:
    The Russia Sanctions
    Published online:
    14 December 2023
    Print publication:
    21 December 2023, pp 3-15

  • Summary

    This chapter details the basic structure of sanctions and export control regimes, and describes the sanctions programs that were in place or developed within the last ten years. It briefly discusses the most comprehensive sanctions regimes, including those imposed by the U.S. against Iran, Cuba, Syria, and North Korea. This section focuses in particular on the structure of sanctions regulations before 2022 applicable to Russia. These sanctions were more limited in nature, but were enacted with increasing frequency and scope in the immediate years before the invasion, responding to a growing list of threats from within Russia related to cyber attacks, interference in the 2016 U.S. presidential election, and the Russian invasion and annexation of Crimea.

  • A National Survey of Hospital Cyber Attack Emergency Operation Preparedness

  • Natalie Sullivan, Jeffery Tully, Christian Dameff, Chibuzo Opara, Mackenzie Snead, Jordan Selzer
  • Journal:
    Disaster Medicine and Public Health Preparedness / Volume 17 / 2023
    Published online by Cambridge University Press:
    22 March 2023, e363
    • Article
      • You have access
      • Open access
    • PDF
    • HTML
    • Export citation
  • Objective:

    Cyberattacks on healthcare systems are increasing in frequency and severity. Hospitals need to integrate cybersecurity preparedness into their emergency operations planning and response to mitigate adverse outcomes during increasingly likely cyber events. No data currently exist regarding the level of preparedness of United States hospital systems for cybersecurity attacks. We surveyed hospital emergency managers to assess cybersecurity preparedness for these events.

    Methods:

    Fifty-seven emergency managers representing hospitals across the United States participated in an online Qualtrics survey regarding current preparedness and response procedures for cybersecurity hazards.

    Results:

    Survey responses between April 2019 and May 2021 demonstrated that a majority of hospital systems surveyed included cybersecurity disasters in their HVA (82.4%; 47/57), and most ranked it as 1 of their top 5 priorities (57.4%; 27/47). However, over half denied specifically mentioning cybersecurity in their Emergency Operations Plans (EOPs; 52.6%; 30/57). Fourteen of the 57 hospital systems (24.5%) endorsed previously activating an emergency response for a cybersecurity incident unrelated to information technology (IT) failure.

    Conclusions:

    The survey results suggest that American hospitals are currently underprepared for cybersecurity disasters. We emphasize the importance of prioritizing cybersecurity in Hazard Vulnerability Analyses (HVAs) and implementing specific EOP annexes for cybersecurity emergencies.

  • The Uneasy Case for a Ransom Tax

  • Bernold Nieuwesteeg, Michael Faure
  • Journal:
    European Journal of Risk Regulation / Volume 14 / Issue 2 / June 2023
    Published online by Cambridge University Press:
    01 February 2023, pp. 382-398
    • Article
      • You have access
      • Open access
    • PDF
    • HTML
    • Export citation

  • The goal of our paper is to demonstrate the potential effects of a tax on paying a ransom on the incentives of stakeholders involved: both the perpetrators (the attackers placing the ransomware) as well as the potential victim. We do think that there is a case for a ransom tax, but we do also realise that it is not easy to make that case, and hence we express this doubt in our title. A tax could stimulate ex ante cybersecurity and also (when price elasticity is not too low) reduce ex post ransom payments. In addition, a tax in combination with a smartly designed subsidy could have benefits.

  • 15 - Advanced Persistent Threat Groups Increasingly Destabilize Peace and Security in Cyberspace

  • from Part IV - Reflections and Research Notes
  • Edited by Scott J. Shackelford, Indiana University, Bloomington, Frederick Douzet, Christopher Ankersen, New York University
  • Book:
    Cyber Peace
    Published online:
    21 April 2022
    Print publication:
    05 May 2022, pp 236-242
    • Chapter
      • You have access
      • Open access
    • PDF
    • HTML
    • Export citation

  • Summary

    The international community is too often focused on responding to the latest cyber attack instead of addressing the reality of pervasive and persistent cyber conflict. From ransomware against the city government of Baltimore to state-sponsored campaigns targeting electrical grids in Ukraine and the United States, we seem to have relatively little bandwidth left over to ask what we can hope for in terms of “peace” on the Internet, and how to get there. It’s also important to identify the long-term implications for such pervasive cyber insecurity across the public and private sectors, and how they can be curtailed. This edited volume analyzes the history and evolution of cyber peace and reviews recent international efforts aimed at promoting it, providing recommendations for students, practitioners, and policymakers seeking an understanding of the complexity of international law and international relations involved in cyber peace. This title is also available as Open Access on Cambridge Core.

  • The EDIT Survey: Identifying Emergency Department Information Technology Knowledge and Training Gaps

  • Daniel Kollek, David Barrera, Elizabeth Stobert, Valérie Homier
  • Journal:
    Disaster Medicine and Public Health Preparedness / Volume 16 / Issue 3 / June 2022
    Published online by Cambridge University Press:
    15 March 2021, pp. 1007-1012
  • Objective:

    To review Emergency Department internet connectivity, cyber risk factors, perception of risks and preparedness, security policies, training and mitigation strategies.

    Methods:

    A validated targeted survey was sent to Canadian ED physicians and nurses between March 5, 2019 and April 28, 2019.

    Results:

    There were 349 responses, with physicians making up 84% of the respondents (59% urban teaching, 35% community teaching, 6% community non-teaching hospitals). All had multiple passwords, 93% had more than 1 user account, over 90% had to log repeatedly each workday, 52% had to change their passwords every 3 months, 75% had multiple methods of authentication and 53% reported using a terminal where someone else was already logged in. Passwords were used to review laboratory and radiology data, access medical records and manage patient flow. Majority of the respondents (51%) did not know if they worked with internet linked devices. Only 7% identified an ‘air gapped’ computer in their facility and 76% used personal devices for patient care, with less than a third of those allowing the IT department to review their device. A total of 26 respondents received no cyber security training.

    Conclusion:

    This paper revealed significant computer-human interface dysfunctionality and readiness gaps in the event of an IT failure. These stemmed from poor system design, poor planning and lack of training. The paper identified areas with technical or training solutions and suggested mitigation strategies.