pith. machine review for the scientific record.

arxiv: 2605.10755 · v1 · submitted 2026-05-11 · 💻 cs.CR · cs.GT

Cybercrime and Prevention: Colonel Blotto in Social Engineering

Pith reviewed 2026-05-12 04:09 UTC · model grok-4.3

classification 💻 cs.CR cs.GT
keywords: Colonel Blotto, social engineering, cybercrime prevention, Routine Activity Theory, VIVA framework, resource allocation, cyber resilience, decision support

The pith

Colonel Blotto game models, informed by criminological theories and real-world data, determine optimal resource allocation for preventing social engineering attacks at national and organizational levels.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that Colonel Blotto game models can identify the most effective distribution of limited defensive resources across different social engineering attack methods. It grounds these models in established criminological ideas about what makes a crime likely and uses real cybercrime statistics to run examples for countries and businesses. If the models hold, leaders could shift their awareness programs away from uniform efforts toward targeted ones that match the most common threats. This matters because human-targeted attacks bypass technical defenses and better prevention could lower overall cyber risks without increasing budgets.

Core claim

The authors develop two Colonel Blotto game models grounded in Routine Activity Theory and the VIVA framework to calculate the optimal way to spread defensive resources across major social engineering attack vectors. They feed real cybercrime data into the models to generate specific recommendations, first for three nation-states at the population level and then for five different kinds of organizations.

What carries the argument

Colonel Blotto game models for defensive resource allocation in social engineering, parameterized via Routine Activity Theory and VIVA factors from real data.

If this is right

  • Nation-states can achieve better population-level prevention by following the model's country-specific optima derived from attack data.
  • Organizations can tailor their awareness programs to their specific characteristics for improved effectiveness against likely vectors.
  • Data-driven Colonel Blotto approaches provide actionable decision support for cyber resilience planning by both policymakers and leaders.
  • Optimal allocation reduces overall vulnerability by concentrating efforts where Routine Activity Theory indicates higher risk.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • This modeling technique could be applied to allocate resources against other forms of cybercrime beyond social engineering.
  • Integrating live threat intelligence data might allow for adaptive rather than static allocation strategies over time.
  • The approach suggests that uniform training programs are likely suboptimal compared to vector-targeted ones based on empirical frequencies.

Load-bearing premise

The Colonel Blotto models must accurately capture how defenders and attackers compete over resources in social engineering scenarios, and the VIVA and RAT factors must be quantifiable in a way that leads to reliable real-world recommendations.

What would settle it

If real organizations or countries that implement the recommended allocations see no reduction in social engineering success rates compared to those using equal distribution across all vectors, the models would be falsified.

Figures

Figures reproduced from arXiv: 2605.10755 by Gergely Benkő, Gergely Biczók, Katalin Parti.

Figure 1: Heatmap of the 10 best defensive strategies of Hungary. The x-axis represents
Figure 2: Heatmap of the 10 best defensive strategies of Finland
Figure 3: Heatmap of the 10 best defensive strategies of the United States
Figure 4: BrightLine Energy Plc.: approximate Nash equilibrium
Figure 5: Oak & Pine Co.: approximate Nash equilibrium
Figure 6: GlobalShield Insurance Inc.: approximate Nash equilibrium
Figure 7: ForwardThink Ltd.: approximate Nash equilibrium
Figure 8: CivicWatch: approximate Nash equilibrium

Original abstract

Cybercriminals increasingly target the human factor rather than continuously advancing technological defense mechanisms. Consequently, institutions that allocate substantial resources to strengthening their cybersecurity infrastructure may remain vulnerable if a deceived employee voluntarily transmits sensitive information or financial assets to attackers. Therefore, alongside the implementation of technological defense mechanisms, particular emphasis must be placed on mitigating human vulnerabilities, which can be achieved through preventive awareness programs. However, such training activities can only be effective if they are organization- and context-specific. In this paper, we develop two Colonel Blotto game models to determine the optimal allocation of defensive resources across dominant social engineering attack vectors. We ground the models in Routine Activity Theory (RAT), borrowed from criminology, that describes crime as an event involving a motivated offender, a suitable target, and the absence of a capable guardian. Next, we quantify relevant factors via the VIVA (Value, Inertia, Visibility, Accessibility) framework, and operationalize the models by feeding real-world cybercrime data into them. The first model investigates optimal population-level prevention, focusing on nation-states as defenders; we present and compare use cases of three different countries. The second model focuses on the organization as a decision-maker; here, we analyze five use cases involving organizations of different characteristics. Our results demonstrate that theoretically grounded and data-driven models can provide decision support to policymakers and organizational leaders in allocating their efforts optimally to prevent social engineering attacks and improve their overall cyber resilience.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript develops two Colonel Blotto game models to determine optimal defensive resource allocations against social engineering attack vectors. The models are grounded in Routine Activity Theory (RAT) from criminology and quantified via the VIVA (Value, Inertia, Visibility, Accessibility) framework, then operationalized with real-world cybercrime data. One model addresses nation-state level prevention with three country use cases; the second addresses organizational decision-making with five use cases. The authors conclude that these theoretically grounded, data-driven models can provide actionable decision support for policymakers and leaders to prevent attacks and improve cyber resilience.

Significance. If the results hold, the work offers a novel interdisciplinary bridge between game theory and criminology for cybersecurity resource allocation, with practical value from the multiple real-world use cases. It demonstrates how Colonel Blotto models can be adapted beyond traditional domains when fed empirical data, potentially informing context-specific awareness programs. The emphasis on human-factor vulnerabilities alongside technical defenses is timely.

major comments (2)
  1. [Model Development and Operationalization] The payoff functions mapping VIVA factors and RAT elements to Blotto battlefield values lack explicit derivation or robustness checks against real attack data. This is load-bearing for the headline claim, as the reported optimal allocations and cross-use-case comparisons depend directly on these mappings; social-engineering vectors are unlikely to be fully independent or zero-sum, and small scoring changes could shift the optima.
  2. [Results and Use Cases] The use-case results do not include sensitivity analysis or validation showing that the computed optima align with observed cybercrime patterns; without this, it is unclear whether the models yield reliable decision support beyond illustrative examples.
minor comments (2)
  1. [Abstract] The abstract is somewhat vague on methodological details (e.g., exact data sources and quantification steps); expanding it slightly would improve accessibility.
  2. [Throughout] Ensure consistent terminology when referring to 'battlefields' versus 'attack vectors' and define all acronyms at first use.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed comments, which highlight important areas for strengthening the manuscript's clarity and empirical grounding. We address each major comment point-by-point below, outlining specific revisions that will be incorporated.

Point-by-point responses
  1. Referee: The payoff functions mapping VIVA factors and RAT elements to Blotto battlefield values lack explicit derivation or robustness checks against real attack data. This is load-bearing for the headline claim, as the reported optimal allocations and cross-use-case comparisons depend directly on these mappings; social-engineering vectors are unlikely to be fully independent or zero-sum, and small scoring changes could shift the optima.

    Authors: We agree that greater explicitness in the payoff function derivation is needed. The mappings are constructed from the criminological literature on RAT (motivated offender, suitable target, absence of guardian) and VIVA (quantifying target suitability via Value, Inertia, Visibility, Accessibility), with battlefield values assigned proportionally to empirical frequencies of social-engineering vectors drawn from the cited cybercrime datasets. In the revised manuscript we will add a dedicated subsection in the model development section that provides the full step-by-step derivation, including the exact weighting formulas and the data sources used for each VIVA/RAT component. We will also conduct and report a sensitivity analysis that perturbs the scoring weights within ranges consistent with the underlying data variability, demonstrating that the reported optima remain stable for the primary use cases. Regarding the independence and zero-sum assumptions, we acknowledge these are modeling simplifications; the Colonel Blotto framework is adopted precisely because it captures competitive resource allocation under scarcity, and we will expand the discussion of limitations to note that real-world social-engineering vectors may exhibit partial dependence and non-zero-sum elements, while arguing that the approximation remains useful for policy-level prioritization.

    revision: yes

  2. Referee: The use-case results do not include sensitivity analysis or validation showing that the computed optima align with observed cybercrime patterns; without this, it is unclear whether the models yield reliable decision support beyond illustrative examples.

    Authors: We accept this observation. Although the models are parameterized directly with real-world cybercrime incidence data, the original submission did not include formal sensitivity checks or explicit alignment validation. In the revision we will add a new subsection that (i) performs sensitivity analysis on key parameters (VIVA scores and RAT-derived weights) by sampling from the empirical distributions in the source datasets and (ii) compares the model's predicted high-priority attack vectors against documented high-incidence patterns for the three national and five organizational use cases. Where quantitative alignment metrics are feasible, we will report them; where data limitations prevent direct statistical validation, we will discuss the qualitative consistency and the resulting policy implications. These additions will clarify the extent to which the models provide reliable decision support.

    revision: yes
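
An added illustration of the allocation game and of the sensitivity concern in major comment 1, not code from the paper or from Pith: a small discrete Colonel Blotto game solved by regret matching, then re-solved with each battlefield value perturbed. The vector labels, values, budgets, tie-splitting rule and all function names are constructed assumptions, not the paper's parameterization.

```python
# Added illustration: discrete Colonel Blotto over social engineering vectors.
# All labels, values, budgets and the tie rule are constructed assumptions.
from itertools import product

VECTORS = ["phishing", "vishing", "smishing"]   # constructed labels
VALUES = [5, 3, 2]                              # constructed battlefield values
DEFENDER_UNITS, ATTACKER_UNITS = 6, 3           # constructed budgets


def allocations(budget, fields):
    """Every way to split an integer budget across the fields."""
    return [a for a in product(range(budget + 1), repeat=fields) if sum(a) == budget]


def retained_share(defence, attack, shares):
    """Share of total value the defender keeps; a tied vector is split evenly."""
    return sum(s * (1.0 if d > a else 0.5 if d == a else 0.0)
               for d, a, s in zip(defence, attack, shares))


def worst_case(defence, values, a_budget):
    """Retained share of one fixed allocation against the attacker's best reply."""
    shares = [v / float(sum(values)) for v in values]
    return min(retained_share(defence, a, shares)
               for a in allocations(a_budget, len(values)))


def _match(regret):
    """Regret matching: play in proportion to positive cumulative regret."""
    pos = [max(r, 0.0) for r in regret]
    total = sum(pos)
    return [p / total for p in pos] if total > 0 else [1.0 / len(pos)] * len(pos)


def solve(values, d_budget, a_budget, iterations=4000):
    """Approximate equilibrium of the zero-sum game from averaged regret-matching play."""
    shares = [v / float(sum(values)) for v in values]
    D = allocations(d_budget, len(values))
    A = allocations(a_budget, len(values))
    M = [[retained_share(d, a, shares) for a in A] for d in D]    # defender payoff
    MT = [list(col) for col in zip(*M)]
    rd, ra = [0.0] * len(D), [0.0] * len(A)                       # cumulative regrets
    sx, sy = [0.0] * len(D), [0.0] * len(A)                       # strategy sums
    for _ in range(iterations):
        x, y = _match(rd), _match(ra)
        ud = [sum(m * q for m, q in zip(row, y)) for row in M]
        ua = [-sum(m * p for m, p in zip(col, x)) for col in MT]  # attacker gets the negative
        ex_d = sum(p * u for p, u in zip(x, ud))
        ex_a = sum(q * u for q, u in zip(y, ua))
        rd = [r + u - ex_d for r, u in zip(rd, ud)]
        ra = [r + u - ex_a for r, u in zip(ra, ua)]
        sx = [s + p for s, p in zip(sx, x)]
        sy = [s + q for s, q in zip(sy, y)]
    x = [s / iterations for s in sx]
    y = [s / iterations for s in sy]
    floor = min(sum(m * p for m, p in zip(col, x)) for col in MT)    # defender's guarantee
    ceiling = max(sum(m * q for m, q in zip(row, y)) for row in M)   # best reply to attacker mix
    expected = [sum(p * d[i] for p, d in zip(x, D)) for i in range(len(values))]
    return {"floor": floor, "gap": ceiling - floor, "expected": expected}


def sensitivity(values, d_budget, a_budget, delta=0.2, iterations=1500):
    """Expected units per vector when each value is scaled by (1 +/- delta) in turn."""
    out = {"base": solve(values, d_budget, a_budget, iterations)["expected"]}
    for i in range(len(values)):
        for sign in (1, -1):
            v = list(values)
            v[i] = v[i] * (1 + sign * delta)
            out[(i, sign)] = solve(v, d_budget, a_budget, iterations)["expected"]
    return out


if __name__ == "__main__":
    res = solve(VALUES, DEFENDER_UNITS, ATTACKER_UNITS)
    print("uniform floor:", worst_case((2, 2, 2), VALUES, ATTACKER_UNITS))
    print("equilibrium floor: %.3f (gap %.3f)" % (res["floor"], res["gap"]))
    for key, exp in sensitivity(VALUES, DEFENDER_UNITS, ATTACKER_UNITS).items():
        print(key, dict(zip(VECTORS, (round(e, 2) for e in exp))))
```

With these constructed values the uniform split (2, 2, 2) keeps a worst-case share of 0.5 while the value-weighted split (3, 2, 1) keeps 0.7. The `gap` field bounds how far the averaged strategies are from equilibrium, so it should be read alongside any allocation shift reported by `sensitivity`.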

Circularity Check

0 steps flagged

No significant circularity; models built on external theories and real-world data inputs.

Full rationale

The paper grounds its Colonel Blotto models in independently established criminological frameworks (Routine Activity Theory and VIVA) and operationalizes them using external real-world cybercrime data across use cases. No equations or steps reduce by construction to fitted parameters renamed as predictions, self-citations that bear the central load, or ansatzes smuggled via prior author work. The derivation chain remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The paper's models rest on two established criminological frameworks as domain assumptions. No free parameters or invented entities are specified in the abstract.

axioms (2)
  • domain assumption: Routine Activity Theory (RAT) describes crime as involving a motivated offender, a suitable target, and the absence of a capable guardian.
    Used to ground the models in criminology.
  • domain assumption: VIVA framework quantifies target suitability via Value, Inertia, Visibility, Accessibility.
    Operationalizes factors for the game models.

