Publications

Status: November 2025

Agrafiotis, I., Bada, M., Cornish, P., Creese, S. Goldsmith, M., Ignatuschtschenko, E., Roberts, T. and Upton, D. M. (2016). Cyber Harm: Concepts, Taxonomy and Measurement - Working Paper 2016-23. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2828646

Agrafiotis, I., Beato, F., Creese, S., Dutton, Esteve-Gonzalez, P., Saunders, J., and Rohland, L. (2024). Unpacking Cyber Resilience. White Paper. World Economic Forum. Available at: https://www.weforum.org/publications/unpacking-cyber-resilience/

Agrafiotis, I., Nurse, J.R.C., Goldsmith, M., Creese, S., Upton, D. (2018). ‘A Taxonomy of Cyber-harms: Defining the Impacts of Cyber-attacks and Understanding How They Propagate’, Journal of Cybersecurity, v 4 n 1, p.1-15. Available at: https://academic.oup.com/cybersecurity/article/4/1/tyy006/5133288?searchresult=1

Austin, R. D. and Upton, D. M. (2016). Leading in the Age of Super-Transparency. MITSloan Management Review. 57(2), pp 25 – 32. Available at: http://research.cbs.dk/files/44436506/robert_austin_leading_in_the_age_postprint.pdf 

Axon, L. Bouckaert, J., Creese, S., Joshi, A., and Saunders, J. (2025). Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards. World Economic Forum. Available at: https://reports.weforum.org/docs/WEF_Artificial_Intelligence_and_Cybersecurity_Balancing_Risks_and_Rewards_2025.pdf

Axon, L., Creese, S., Dixon, W., and Saunders, J. (2020). Why we need to solve our quantum security challenges. World Economic Forum. Available at: https://www.weforum.org/agenda/2020/06/quantum-computers-security-challenges/

Axon, L., Saunders, J., Esteve-González, P., Carver, J., Dutton, W., Goldsmith, M., and Creese, S. (2025). Private-public initiatives for cybersecurity: the case of Ukraine. Journal of Cyber Policy, 9(3): 3991–4224. Available at: https://doi.org/10.1080/23738871.2025.2451256

Bada, M. and Sasse, A. (2014). Cyber Security Awareness Campaigns: Why do they fail to change behaviour? Available at: http://discovery.ucl.ac.uk/1468954/

Bada, M., Creese, S., Goldsmith, M. and Mitchell, C.J. (2017). Improving the Effectiveness of CSIRTs. CYBER 2017: The Second International Conference on Cyber-Technologies and Cyber-Systems. Available at: http://www.thinkmind.org/index.php?view=article&articleid=cyber_2017_4_30_80060

Bada, M., Creese, S., Goldsmith, M., Mitchell, C., & Phillips, E. (2017). Improving the effectiveness of CSIRTs. In The Second International Conference on Cyber-Technologies and Cyber-Systems (pp. 53-58). Available at: https://www.semanticscholar.org/paper/Improving-the-Effectiveness-of-CSIRTs-Bada-Creese/976697ab0217fedd540cac7bea08907762448970

Bada, M., Creese, S., Goldsmith, M., Mitchell, C.J., Phillips, E. (2014a). Computer Security Incident Response Teams (CSIRTs) – An Overview. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3659974

Bada, M., Nurse, J.R.C. (2016). The Cybercrime Ecosystem: How the Internet Supports Criminal Behaviour Online. OII Oxford Internet Institute, Connected Life 2016: Collective Action and the Internet Conference, June 2016. Available at https://gcscc.ox.ac.uk/article/cybercrime-ecosystem-how-internet-may-support-criminal-behaviour-online

Bada, M., Nurse, J.R.C. (2016b). Profiling the Cybercriminal. International Crime and Intelligence Analysis Conference. 25-26 February 2016 Manchester, England. Available at https://gcscc.ox.ac.uk/article/profiling-cybercriminal

Bada, M., Von Solms, B., Agrafiotis, I. (2019). Reviewing National Cybersecurity Awareness for Users and Executives in Africa’, The International Journal on Advances in Security, v 12 n 1&2, p.108-118. Available at: http://www.iariajournals.org/security/sec_v12_n12_2019_paged.pdf

Bagui, L., Boorman, J., Calandro, E., Pule, N., Weisser Harris, C. (2020). Reviewing cybersecurity capacity in a COVID-19 environment. Available at: www.c3sa.uct.ac.za/c3sa/news/2020/review

Bauer, J. M. and Dutton, W. H. (2015). The New Cyber Security Agenda: Economic and Social Challenges to a Secure Internet, Joint working paper for the Oxford Global Cybersecurity Project at the Oxford Martin Institute, University of Oxford, and the Quello Center at MSU, based on a briefing document prepared by the authors to support the World Bank World Development Report. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2614545

Bauer, J. M. and Dutton, W. H. (2021). Cybersecurity: Towards a New Agenda for Policy and Practice in Portuguese as: A Nova Agenda de Cbersegurança: Desafios Econômicos e Sociais Para Uma Internet Segura, pp. 35-64 in Cadernos NIC.br Estudos Setoriais - Segurança Digital: Uma Análise de Gestão de Risco em Empresa Brasileiras.

Bispham, M., Creese, S., Dutton, W. H., Esteve-González, P., and Goldsmith, M. (2022). An Exploratory Study of Cybersecurity in Working from Home: Problem or Enabler? Journal of Information Policy, 12: 353-386. Available at: https://doi.org/10.5325/jinfopoli.12.2022.0010

Blank, G., Boiko, N., Chernenko, E., Dembitsky, S., Dutton, W., and Goroshko, O. (2025). Political communication in wartime Ukraine. Paper presented at the 5th International Sociological Association Forum, 10 July in Rabat, Morocco.

Blank, G., Bolsover, G. and Dubois, E. (2014). A New Privacy Paradox: Young People and Privacy on Social Network Sites. Available at: https://www.oxfordmartin.ox.ac.uk/downloads/A%20New%20Privacy%20Paradox%20April%202014.pdf

Bund, J. (2019). Susceptibility Awareness: Domestic Vectors for Disrupting the Kill Chain of Cyber-enabled Influence Operations, European Cybersecurity Journal, v 5 n 2, p.34-45. Available at: https://cybersecforum.eu/media/ECJ_2019.pdf

Chernenko, Elizaveta and Dutton, W. H. (2025). The Role of Telegram in Wartime Ukraine: Trust, Utility, and Controversy, Portulans Institute, Washington DC, October 26. Available at: https://ssrn.com/abstract=5669030 or http://dx.doi.org/10.2139/ssrn.5669030

Cornish P. (2017). Deterrence and the Ethics of Cyber Conflict. In: Taddeo M., Glorioso L. eds. Ethics and Policies for Cyber Operations. Philosophical Studies Series. vol 124. Cham: Springer, pp. 1 – 16. Available at: https://link.springer.com/chapter/10.1007/978-3-319-45300-2_1

Creese, S., Dutton, W. H., and Esteve-González, P. (2021). The Social and Cultural Shaping of Cybersecurity Capacity Building: A Comparative Study of Nations and Regions. Personal and Ubiquitous Computing, 25, : 941-955. Available at: https://doi.org/10.1007/s00779-021-01569-6

Creese, S., Dutton, W. H., Esteve-González, P., and Shillair, R. (2021). Cybersecurity Capacity-Building: Cross-National Benefits and International Divides'. Journal of Cyber Policy, 6(2): 214-235. Available at: https://doi.org/10.1080/23738871.2021.1979617

Creese, S., Goldsmith, M., Griffin, M., Puello Alfonso S., Weisser Harris, C., Agrafiotis, I., Bund, J., and Nagyfejeo, E. (2019). GCSCC Global Impact. GCSCC Working Paper on the Knowledge and Policy Contributions from the First Five Years. Available at: https://gcscc.ox.ac.uk/sites/default/files/gcscc_booklet_web.pdf

Creese, A, Saunders, J., Axon L. and Dixon, W. (2020) Future Series Report: Cybersecurity, emerging technology and systemic risk, November 2020, Available at: https://www.weforum.org/reports/future-series-cybersecurity-emerging-technology-and-systemic-risk

Creese, S., Shillair, R., Bada, M., Reisdorf, B.C., and Dutton, W. H. (2019). The Cybersecurity Capacity of Nations, pp. 165-179 in Graham, M., and Dutton, W. H. (eds), Society and the Internet: How Networks of Information and Communication are Changing our Lives, 2nd Edition. Oxford: Oxford University Press.

De Bruin, R. and von Solms, S.H. (2015). Modelling Cyber Security Governance Maturity. 2015 IEEE International Symposium on Technology and Society, pp. 1–8. Available at: https://ieeexplore.ieee.org/abstract/document/7439415/

Dutton, W. H. (2017). Fostering a Cyber Security Mindset. Internet Policy Review, 6(1): DOI: 10.14763/2017.1.443. Available at: https://policyreview.info/node/443/pdf. An abridged version was reprinted in Encore, a publication of The Alexander von Humboldt Institute for Internet and Society (HIIG). 2018. Available at: https://www.hiig.de/en/fostering-cybersecurity-mindset/

Dutton, W. H. (2020) (ed.), A Research Agenda for Digital Politics. Cheltenham, UK and Northampton, MA, USA: Edward Elgar Publishing.

Dutton, W. H. (2020). The Fifth Estate: Canaries in the Institutions of Liberal Democracies, pp. 59-65 in Melanie Nagel, Patrick Kenis, Philip Leifeld, and Hans-Jörg Schmedes (Hrsg.), Politische Komplexität, Governance von Innovationen und Policy-Netzwerke: Festschrift für Volker Schneider. Wiesbaden, Germany: Springer VS. Available at: https://doi.org/10.1007/978-3-658-30914-5

Dutton, W. H. (2020). To Be or Not to Be Virtual. Intermedia Issue. Vol. 48 Issue 3. Available at: https://www.iicom.org/wp-content/uploads/dutton.pdf 

Dutton, W. H. (2022). Will Going Online Save or Sink the Traditional University System?, Chapter 10, pp. 233-248 in Elizabeth Anne Kirley and Deborah Porter, eds, Outsmarting the Next Pandemic: What COVID-19 Can Teach Us. London and New York: Routledge.

Dutton, W. H. (2023). The Fifth Estate: The Power Shift of the Digital Age. New York: Oxford University Press.

Dutton, W. H. (2025). The War on Information in Ukraine: A Global Ecology, pp. 62-71 in Roland A. Römhildt , ed., Reclaiming Europe: A Collection of Essays. Berlin: Young Network TransEurope. 

Dutton, W. H. and Axon, L. and Weisser Harris, C. (2021). Structured Field Coding and Its Application to National Assessments. Available at: https://ssrn.com/abstract=3781600

Dutton, W. H. and Blank, G. (2025). The War on Trust in Public Officials and the Media of Ukraine', Ukraine Studies Working Paper. Washington DC: Portulans Institute. Available at: https://ssrn.com/abstract=5202222 or http://dx.doi.org/10.2139/ssrn.5202222

Dutton, W. H. and Blank, G. (forthcoming). Liberal Democratic Crises over Digital Media have been Eclipsed by Russia’s War on Information, chapter in S, Coleman, F. Esser, J. Firmstone, K. Parry, and C. Paterson, eds., Public Communication in Free Fall, London: Palgrave.

Dutton, W. H. and Robertson, C. T. (2021). Disentangling Polarization and Civic Empowerment in the Digital Age: The Role of Filter Bubbles and Echo Chambers in the Rise of Populism, pp. 420-434 in Howard Tumber and Silvio Waisbord (eds), The Routledge Companion to Media Misinformation and Populism. New York: Routledge.

Dutton, W. H., and Dubois, E. (2023). The Fifth Estate: A New Source of Democratic Accountability, pp. 272-286 in Coleman, S., and Sorenson, L. (eds), Handbook of Digital Politics, Second Edition. Cheltenham, UK: Edward Elgar.

Dutton, W. H., and Zorina, A. (2021). The Ecology of Games Reshaping Information Policy: Internet Access in Belarus to Cyber Harms in the United Kingdom, Chapter 9, pp. 130-145, in Duff, A., ed., Research Handbook on Information Policy. Cheltenham, UK: Edward Elgar Publishing Ltd

Dutton, W. H., Creese, S., Sadie, Gonzalez, P. E, Goldsmith, Michael, G., and Weisser Harris , C. (2022). Next Steps for the EU: Building on the Paris Call and EU Cybersecurity Strategy. Available at: Available at: https://ssrn.com/abstract=4052728

Dutton, W. H., Creese, S., Shillair, R., and Bada, M. (2019a). Cyber Security Capacity: Does It Matter? Journal of Information Policy, 9, pp. 280-306. Available at https://scholarlypublishingcollective.org/psup/information-policy/article/doi/10.5325/jinfopoli.9.2019.0280/314505/Cybersecurity-Capacity-Does-It-Matter

Dutton, W. H., Goroshko, O., Dembitskyi, S., Chernenko, L., Blank, G., and Boiko, N. (2025). Trust in Media, Information, and the Government in Ukraine: A Virtuous Circle of Challenges, paper delivered at the 2025 Meeting of the World Internet Project, Berlin, Germany, 7 July. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5311707

Dutton, W. H., Griffin, M., Nagyfejeo, E., Puello Alfonso, S., Weisser Harris, C., and Bada, M., (2018). Collaborative Approaches to a Wicked Problem: Global Responses to Cybersecurity Capacity Building, February. GCSCC Working Paper on the 2018 Annual GCSCC Conference, Oxford University. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3660000

Dutton, W. H., Shillair, R., Axon, L., and Weisser, C. (2023). Structured Field Coding and its Applications to National Risk and Cybersecurity Assessments, Applied Cybersecurity & Internet Governance, 2(1): 1-5. https://acigjournal.com/resources/html/article/details?id=614694&language=en

Dutton, W. H. and Esteve-Gonzalez, Patricia, Multidisciplinary Approaches to the Rise of Cybersecurity Research (November 17, 2020). Available at SSRN: https://ssrn.com/abstract=3732333 or http://dx.doi.org/10.2139/ssrn.3732333

Esteve-González, P., Axon, L., Creese, S., Dutton, W.H., Saunders, J., Carver, J., and Goldsmith, M. (2025). Cybersecurity Capacities for the Application of UN Cyber Norms. Available at SSRN. http://dx.doi.org/10.2139/ssrn.5089805

Esteve-González, P., Dutton, W. H., Creese, S., and Agrafiotis, I. (2023). Cybersecurity Implications of Changing Patterns of Office, Home, and Hybrid Work: An Exploratory Global Survey. Available at: http://dx.doi.org/10.2139/ssrn.4322366

Goroshko, O., Dutton, W. H., Dembitskyi, S., Chernenko, L., Boiko, N., and Blank, G. (2024). Media Use and Attitudes in Ukraine: A Smart Nation. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4958986

Griffin, M. (2018). Global Cybersecurity Education – Lessons from the CMM. GCSCC Working Paper. Available at: https://gcscc.ox.ac.uk/article/global-cybersecurity-education-lessons-cmm

Hameed, F., Agrafiotis, I., Weisser, C., Goldsmith, M. and Creese S. (2018). Analysing Trends and Success Factors of International Cybersecurity Capacity-Building Initiatives. SECURWARE 2018: The Twelfth International Conference on Emerging Security Information, Systems and Technologies. Available at: https://ora.ox.ac.uk/objects/uuid:50e9c5aa-4f3d-40f0-a0a0-ff538b735291/download_file?file_format=pdf&safe_filename=Analysing-trends-success%2BFaisal%2BHameed%2B10SEP18%2BCamera%2BReady.pdf&type_of_work=Conference+item

Ignatuschtschenko, E. (2016). Jurisdiction on the Internet: Making Multi-Stakeholder Cooperation Work. Available at: https://gcscc.ox.ac.uk/article/jurisdiction-internet-making-multi-stakeholder-cooperation-work

Korff, Douwe. (2016). Harm caused to fundamental rights and freedoms by state cybersecurity interventions. Available at https://ssrn.com/abstract=3709808

Kritzinger, E., Bada, M., Nurse, J.R.C. (2017). A Study into the Cybersecurity Awareness Initiatives for School Learners in South Africa and the UK. In: Bishop, M., Futcher, L., Miloslavskaya, N., Theocharidou, M. eds. WISE 2017: Information Security Education for a Global Digital Society. Cham: Springer, pp. 110 – 120. Available at: https://link.springer.com/chapter/10.1007/978-3-319-58553-6_10

Nagyfejeo, E. (2018). EU’s Emerging Strategic Cyber Culture(s), Policing: A Journal of Policy and Practice, 24 December: 1-24. Available at https://doi.org/10.1093/police/pay092

Nagyfejeo, E., Solms, B.V. (2020). Why Do National Cybersecurity Awareness Programmes Often Fail?. International Journal of Information Security and Cybercrime, 9(2), 18-27. Available at: https://www.ijisc.com/year-2020-issue-2-article-3/

Nurse J. and Bada, M. (2019). The Group Element of Cybercrime: Types, Dynamics, and Criminal Operations. In: Attrill-Smith, A., Fullwood, C., Keep, M. and Kuss, D.J. eds. The Oxford Handbook of Cyberpsychology. Oxford: Oxford University Press. Available at: https://www.oxfordhandbooks.com/view/10.1093/oxfordhb/9780198812746.001.0001/oxfordhb-9780198812746-e-36?print=pdf

Nurse, J. R. C. and Bada, M. (2017). Connected Life: Digital Inequalities. MIND THE GAP: How Digital Inequality Impacts Cyber Security. Oxford: Oxford Internet Institute.

Nurse, J., Agrafiotis, I., Erola, A., Bada, M., Roberts, T., Williams, M., Goldsmith, M., and Creese, S. (2016). An Independent Assessment of the Procedural Components of the Estonian Internet Voting System - Working Paper 6. Cyber Studies Programme Working Paper Series in Department of Politics and International Relations, University of Oxford. Available at: https://ssrn.com/abstract=2858336

Reisdorf, B., Fernandez, L., Hampton, K. N., Shin, I., and Dutton, W. H. (2020). Mobile Phones Will Not Eliminate Digital and Social Divides: How Variation in Internet Activities Mediates the Relationship between Type of Internet Access and Local Social Capital in Detroit, Social Science Computer Review, March: https://doi.org/10.1177/0894439320909446

Roberts, T. (2016) Deciphering the Chinese Underground Economy. GCSCC Working Paper. Available at: https://gcscc.ox.ac.uk/article/deciphering-chinese-underground-economy

Roberts, T., Bada, M., and Dotzauer, E. (2014). Strategies for Increasing Scale and Quality of Cybersecurity Capacity-Building Investments. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3660003 

Rohland, L., Beato, F., Paine, K., Agrafiotis, I., Creese, S., Dutton, W.H., Esteve-Gonzalez, P., and Saunders, J. (2025). The Cyber Resilience Compass: Journeys Towards Resilience. World Economic Forum. Available at: https://www.weforum.org/publications/the-cyber-resilience-compass-journeys-towards-resilience/

Rudolph, C., Creese, S., Sharma, S. (2020). Cybersecurity in Pacific Island Nations. Communications of the ACM. Vol. 63 No. 4, Pages 53-54. Available at: https://doi.org/10.1145/3378550

Sheriff, P., Weisser Harris, C. and Saunders, J., (2024). Evaluating the Impact of Cybersecurity Capacity Building. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4821426

Shillair, R., Esteve-Gonzaez, P., Dutton., W., Creese, S., and von Solms, B. (2023). Building Cybersecurity Capacity Through Education, Awareness, and Training, pp. forthcoming Chapter 22 in Vajjhala, N.R. & Strang, K.D. (eds), Cybersecurity for Decision Makers. London: Taylor & Francis. Available at: https://doi.org/10.1201/9781003319887

Shillair, R., Esteve-González, P., Dutton, W. H., Creese, S., Nagyfejeo, E., and Von Solms, B. (2022)., Cybersecurity Education, Awareness Raising, and Training Initiatives: National Level Evidence-Based Results, Challenges, and Promise.’, Computers & Security, 119. (May). Available at: https://doi.org/10.1016/j.cose.2022.102756

Von Solms, B. and Upton, D. (2016). Cyber security capacity governance. The Business & Management Review. 7(4), pp. 34.

Wall, D.S. (2024) Cybercrime: The transformation of crime in the information age, 2nd Edition (Significant rewrite), Cambridge: Polity. (Hardback ISBN: 978-0-745-65352-5) (Paperback ISBN: 978-0-745-65353-2) / UK Publication date 26 April 2024, US Publication date 22 July 2024.

Weisser Harris, C. and Bada, M. (2016). Kosovo – What Followed the CMM Review? A GCSCC Working Paper. Available at: https://gcscc.ox.ac.uk/article/kosovo-what-followed-cmm-review

Yates, S. J., Jones, G., Preston, A., Dutton, B., and Carmi, E. (2020). ESRC Review: Governance and Security, pp. 605-627 in Rice, R. E., Yates, S. J. (eds), The Oxford Handbook of Digital Technology and Society. New York, NY: Oxford University Press.

Zhang, X., Wan-Ying Lin, W-Y. and Dutton, W. H. (2022). The Political Consequences of Online Disagreement: The Filtering of Communication Networks in a Polarized Political Context, Social Media and Society, 8(3). Available at: https://doi.org/10.1177/20563051221114391

Zorina, A., and Dutton, W. H. (2021). Theorizing Actor Interactions Shaping Innovation in Digital Infrastructures: The Case of Residential Internet Development in Belarus’, Organization Science, 32(1), 156-180. Also published online in Articles in Advance: 26 Oct 2020, Available at: https://doi.org/10.1287/orsc.2020.1389