Program

Unless noted otherwise, all WEIS events will take place in the Goldman Theater at the David Brower Center in downtown Berkeley.

Monday, June 1st

17:00-20:00

Welcome Reception: East Bay Spice Company
The reception will feature craft cocktails and light hors d’oeuvre. East Bay Spice Company is in downtown Berkeley, around the corner from the workshop venue.

Tuesday, June 2nd

8:30-9:00	Breakfast
9:00-9:05	Opening Remarks Serge Egelman, UC Berkeley / ICSI Chair, WEIS 2026
9:05-10:00	Ross Anderson WEIS Lecture (Keynote) Susan Athey, Stanford University
10:00-10:30	Break
10:30-12:10	Paper Session I: Game Theory Session Chair: Mingyan Liu Cybersecurity and Market Share in Digital Ecosystems with Network Externalities Daniel Arce LASB: A Liquidity-Adjusted Security Metric for Consensus Attacks Ke Wang, Wenbin Wu, and Alexander Neumueller Analyzing Investment Incentives under METI’s New Rating System via a Stepwise Extension of the Gordon-Loeb Model Ryoma Kanai and Kanta Matsuura Cybercrime and Prevention: Colonel Blotto in Social Engineering Gergely Benkő, Katalin Parti, and Gergely Biczók
12:10-13:00	Lunch
13:00-15:10	Paper Session II: Crime and Measurement Session Chair: Jean Camp Stand-Alone Complex or Vibercrime? Exploring the Adoption and Innovation of GenAI Tools, Coding Assistants, and Agents within Cybercrime Ecosystems Jack Hughes, Ben Collier, and Daniel Thomas Estimating the Social Cost of Corporate Data Breaches Lina Alkarmi, Armin Sarabi, and Mingyan Liu How Do Cyber Attacks Impact Corporate Balance Sheets and Income Statements? An Empirical Study Teyyub Mutallimov, Dana Itzhaki, and Tyler Moore The Impact of Cyber Attacks on Security Investment: Evidence from Firm-Level Panel Data Abulfaz Hajizada, Dana Etgar Itzhaki, Noa Barnir, Tyler Moore, and Neil Gandal
15:10-15:45	Break
15:45-17:00	Paper Session III: Privacy Session Chair: Alessandro Acquisti Privacy Agents in the Field Aileen Nielsen and Yafit Lev-Aretz Who Wants Privacy Anyway? Comparative Evidence on CBDC Design Preference Vagisha Srivastava Privacy Interventions and Publishers’ Revenues: Evidence on Long-Run Effects and Ad-Traffic Heterogeneity Tobias Kircher, Riley Grossman, Mike Smith, Alessandro Acquisti, Cristian Borcea, Yi Chen, and Cristobal Cheyre
18:00-21:00	Dinner Dinner will be at Comal in downtown Berkeley (on Shattuck, 2.5 blocks away from the venue).

Wednesday, June 3rd

8:30-9:00	Breakfast
9:00-10:40	Paper Session IV: Insurance and Risk Management Session Chair: Daniel Arce Ransomware Insurance and Strategic Ransom Demand Manos Perdikakis Disentangling the Sources of Cyber Risk Premia Loïc Maréchal and Nathan Monnet Defending Against Intelligent Attackers at Large Scales Andrew Lohn “People were not happy when admitting mistakes”: Evolving Past Defensiveness in Running Coordinated Vulnerability Disclosure Programs Sandra Rivera Pérez, Amy Tjin Tjoen Jin, Michel van Eeten, and Carlos Gañán
10:40-11:00	Break
11:00-12:30	Panel: Putting Theory to Practice This session brings together industry leaders to move beyond abstract models and spotlight real-world cyber risk quantification that drives business decisions. The panel will present concrete use cases: underwriting, portfolio management, third‑party risk, scenario modeling, and more, illustrating measurable outcomes and implementation challenges. The panel will also discuss practical collaboration opportunities between academia and industry, ensuring academic advances become operational and valuable to insurers and risk managers. Moderator: Scott Stransky, Marsh Panelists: TBA
12:30-13:30	Lunch
13:30-14:45	Paper Session V: Infrastructure Weak? Session Chair: Kanta Matsuura Cybersecurity Ratings to Support Domain-Specific Financial Decisions: Applications to National Infrastructures, Cyberinsurance, Gordon-Loeb Model, and NPV Analysis William Yurcik, Gregory Pluta, and Fábio Miranda The Emergence of Public Key Infrastructures: Changing Authority Structures and the Automation of Trust in Cyberspace Milton Mueller Time Will Tell: A Longitudinal Analysis of the Evolution of Security and Privacy of Three IoT Device Types Swaathi Vetrivel, Michel van Eeten, and Carlos Gañán
14:45-15:00	Break
15:00-15:50	Paper Session VI: Naming Names Session Chair: Gergely Biczók “I’m the mess that you wanted”: Evaluating the Accuracy of WHOIS Asset Discovery Against Self-Reported Data Yana Angelova, Aksel Ethembabaoglu, Rolf van Wegberg, Carlos Gañán and Michel van Eeten Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover Koen van Hove, Jeroen van der Ham-de Vos and Roland van Rijswijk-Deij
15:50-16:00	Break
16:00-17:00	Rump Session Conference participants are invited to give short (5-minute maximum) talks on new research and works in progress. To reserve a spot, email the rump session chair, Tyler Moore (tyler-moore@utulsa.edu), with the subject “WEIS26 rump session,” along with a title and affiliation.

Program

Organizers

Sponsors

Gold

Silver

Colorway Theme

Recent Post

Fully Responsive

Design Your Home