CYBER-RISK MANAGEMENT FRAMEWORKS FOR DIGITAL ECOSYSTEMS

The success of digital behemoths like Google, Microsoft, Walmart, and Netflix, is attributed to their ecosystem approach (Iansiti and Levien 2004; Walker 2021). Digital ecosystems tend to behave like platforms that connect producers and consumers efficiently (Parker et al. 2016). For example, in Uber, Kickstarter, Nintendo, and AirBnB's ecosystem, today's consumers can become producers in the future (Parker et al. 2016). These platforms tend to operate as two-sided markets (Eisenmann et al. 2015), which thrives on the principle of network effect (Hinz et al. 2020) (i.e., economic value = n2 , where n is the number of individuals enrolled on the platform) (Jiang et al. 2018). This thesis models the cyber-risk assessment, quantification, mitigation strategies for three multi-stakeholder digital ecosystems: online gaming platforms, smart cities, and crowdfunding platforms, using the concepts of data mining, machine learning, and econometrics methods. In the first study, we observe that online gaming platforms like Steam, Twitch, PlayStation, and Xbox, host Massively Multiplayer Online Games (MMOG) (such as Final Fantasy, World of Warcraft (WoW), and PlayerUnknown's Battleground (PUBG)) developed by firms such as Blizzard, Nintendo (Yahyavi and Kemme 2013). These platforms are popular entertainment options for young individuals with a high disposable income; thus, frequent targets of Distributed-Denial-of-Service (DDoS) attacks by hackers, despite legal deterrence. In this context, using the Protection-Motivation theory (PMT) (Herath and Rao 2009; Rogers 1975) and Rational-Choice theory (RCT) (Becker 1990; Cavusoglu et al. 2008; McCarthy 2002), we propose a framework to (i) assess the cyber-risk management (CRA), (ii) quantify cyber-risk (CRQ), and (iii) mitigate the cyber-risk (CRM) arising due to DDOS attacks on MMOG platforms (Campbell et al. 2003; Chatterjee et al. 2015; Gordon et al. 2003; Ransbotham 2021). We propose three different frameworks based on cyber-risk assessment methods