My current research interests are within the areas of industrial economics, public economics, behavioural economics and cybersecurity.

A recent project, funded by the UK Home Office, investigated the use of cyber-security health-checks for small businesses and charities. Working with a number of partners, including Kent Police and Leicestershire Police, the project trialled the use of a health-check delivered by a student consultancy (KITC Solutions). The project also, more generally, looked at the barriers small organisations face in adopting cyber best practice.

Another recent project called EMPHASIS, funded by the EPSRC, looked at the economic, psychological and social consequences of ransomware. I am involved in a range of work looking at the economic and welfare costs of ransomware as well as methods law enforcement can adopt to disrupt the business model of the criminals. My work has been published in the Journal of Cyber Security, Royal Society Open Science and Games. A related project, funded by the Defence, Science and Technology Lab, looked at the moral implications of paying hostage ransom demands in conflict situations.

In terms of public economics and behavioural economics, the main focus of my work is on the provision of threshold public goods. In this research I combine theory and lab experiments to understand how cooperation within small groups can be achieved and maintained. Recent work is published in International Journal of Game Theory, Economics Letters and Journal of Public Economic Theory. A current project is applying insights from threshold public good games to study climate change agreements.

Within the field of industrial organisation, I have long-standing research interests on issues related to leadership and research and development (R&D). My work has been published in Games and Economic Behavior, Mathematical Social Sciences and Manchester School. A current strand of work is looking at firm location choice in the presence of R&D spillovers.

Cartwright, A., Cartwright, E., & Edun, E. S. (2023). Cascading information on best practice: Cyber security risk management in UK micro and small businesses and the role of IT companies. Computers & Security, 131, 103288. https://doi.org/10.1016/j.cose.2023.103288

Cartwright, A. and Cartwright, E. (2023) The economics of ransomware attacks on integrated supply chain networks. Digital Threats: Research and Practice, forthcoming.

Cartwright A., Cartwright E., MacColl, J., Mott, G., Turner, S., Sullivan, J. and Nurse, J.R.C. (2023) How cyber-insurance influences the ransomware payment decision: theory and evidence. The Geneva Papers on Risk and Insurance - Issues and Practice, 48(2), 300-331. https://doi.org/10.1057/s41288-023-00288-8.

Cartwright, A. and Cartwright, E. (2023) A classroom market experiment: Data and Reflections. Journal of Economic Education, forthcoming.

Mott, G., Turner, S., Nurse, J. R., MacColl, J., Sullivan, J., Cartwright, A., & Cartwright, E. (2023). Between a rock and a hard (ening) place: Cyber insurance in the ransomware era. Computers & Security, 128, 103162.

Bhudia, A., Cartwright, A., Cartwright, E., Hernandez-Castro, J., & Hurley-Smith, D. (2023). Identifying Incentives for Extortion in Proof of Stake Consensus Protocols. In The International Conference on Deep Learning, Big Data and Blockchain (pp. 109-118). Springer, Cham.

Cartwright, E., Cartwright, A. (2022) Chapter 23: Behavioural public policy. De Gruyter Handbook of Contemporary Welfare States, 1, 389.

Bhudia, A., Cartwright, A., Cartwright, E., Hernandez-Castro, J., & Hurley-Smith, D. (2022). Extortion of a Staking Pool in a Proof-of-Stake Consensus Mechanism. In 2022 IEEE International Conference on Omni-layer Intelligent Systems (COINS) (pp. 1-6). IEEE.

Cartwright, A., Cartwright, E., Xue, L. and Hernandez-Castro, J. (2022), "An investigation of individual willingness to pay ransomware", Journal of Financial Crime, Vol. ahead-of-print No. ahead-of-print. https://doi.org/10.1108/JFC-02-2022-0055

Hernandez-Castro, J., Cartwright, E. and Cartwright, A. (2020) An economic analysis of ransomware and its welfare consequences. Royal Society Open Science, 7(3), 190023.

Cartwright, A., and Cartwright, E. (2019) Ransomware and reputation. Games, 10(2), 26.

Cartwright, A., Cartwright, E., & Xue, L. (2019) Investing in prevention or paying for recovery - attitudes to cyber risk. In International Conference on Decision and Game Theory for Security (pp. 135-151). Springer, Cham.

Cartwright, E., Stepanova, A. and Xue, L. (2019) Impulse balance and framing effects in threshold public good games. Journal of Public Economic Theory, 21(5), 903-922.

Hernandez-Castro, J., Cartwright, E. and Stepanova, A. (2019) To pay or not: game theoretic models of ransomware. Journal of Cybersecurity, 5(1), tyz009.

Cartwright, E. and Stepanova, A. (2017) Efficiency in a forced contribution threshold public good game. International Journal of Game Theory, 46(4), 1163-1191.

Cartwright, E. and Stepanova, A. (2015) The consequences of a refund in threshold public good games. Economics Letters, vol. 134, issue C, pages 29-33.

Burr, C., Knauff, M. and Stepanova, A.(2013) On the Prisoner’s Dilemma in R&D with Input Spillovers and Incentives for R&D Cooperation. Mathematical Social Sciences 66:254-261.

Cartwright, E. and Stepanova, A. (2012) What do Students Learn from a Classroom Experiment: Not much, Unless they Write a Report on it. Journal of Economic Education 43: 48-57.

Stepanova, A. and Tesoriere, A. (2011) R&D with Spillovers: Monopoly Versus Noncooperative and Cooperative Duopoly. The Manchester School 79:125-144.

Amir, R. and Stepanova, A. (2006) Second-mover advantage and price leadership in Bertrand duopoly. Games and Economic Behavior 55:1-20.

Amir, R., Stepanova, A., Nannerup, N. and Eguiazarova, E. (2002) Monopoly Versus R&D-Integrated Duopoly, The Manchester School, 70, 88-100.