Addressing Cybersecurity and Cybercrime via a Co-evolutionary Approach To Reducing Human-related Risks (ACCEPT)

Funded Value:
£767,982

Funder:
EPSRC

Project Status:
Active

Project Reference:
EP/P011896/2

Lead Research Organisation: 
University of Kent

Principal Investigator: 
Shujun Li

Co-Investigators:
Professor Roger Maull

Researchers and practitioners have acknowledged, human-related risks, among the most important factors in cybersecurity. An IBM report (2014) shows that over 95% of security incidents involved “human errors”. Responses to human-related cyber risks remain undermined by a conceptual problem: the mindset associated with the term ‘cyber’-crime. It has persuaded us that that crime with a cyber-dimension occur purely within a (non-physical) ‘cyber’ space, and that these constitute wholly new forms of offending, divorced from the human/social components of traditional (physical) crime landscapes. In this context, the unprecedented linking of individuals and technologies into global social-physical networks has generated exponential complexity and unpredictability of vulnerabilities.

In addition to hyperconnectivity, the dynamic evolving nature of cyber systems is equally important. Cyber systems change far faster than biological or material cultures. Criminal behavior and techniques evolve in relation to the changing nature of opportunities centering on target assets, tools and weapons, routine activities and business models. Studying networks and relationships between individuals, businesses and organisations in a hyperconnected environment requires an understanding of communities and the broader ecosystems. This complex, non-linear process can lead to co-evolution in the medium-longer term.

While there is isolated research across these areas, there is no holistic framework combining all these theoretical concepts to allow a more comprehensive understanding of human-related risks within cybersecurity ecosystems and to design more effective and engaging approaches to reduce such risks.

The project’s overall aim is to develop a framework through which we can analyse the behavioral co-evolution of cybersecurity and cybercrime ecosystems and effectively influence a range of factors in the ecosystems in order to reduce human-related risks. The new framework and solutions provided will contribute towards enhanced safety online for many different kinds of users, whether these are from government, industry, the research community or the general public.