My current research interests are within the areas of industrial economics, public economics, behavioural economics and cybersecurity.

A recent project, funded by the UK Home Office, investigated the use of cyber-security health-checks for small businesses and charities. Working with a number of partners, including Kent Police and Leicestershire Police, the project trialled the use of a health-check delivered by a student consultancy (KITC Solutions). The project also, more generally, looked at the barriers small organisations face in adopting cyber best practice.

Another recent project called EMPHASIS, funded by the EPSRC, looked at the economic, psychological and social consequences of ransomware. I am involved in a range of work looking at the economic and welfare costs of ransomware as well as methods law enforcement can adopt to disrupt the business model of the criminals. My work has been published in the Journal of Cyber Security, Royal Society Open Science and Games. A related project, funded by the Defence, Science and Technology Lab, looked at the moral implications of paying hostage ransom demands in conflict situations.

In terms of public economics and behavioural economics, the main focus of my work is on the provision of threshold public goods. In this research I combine theory and lab experiments to understand how cooperation within small groups can be achieved and maintained. Recent work is published in International Journal of Game Theory, Economics Letters and Journal of Public Economic Theory. A current project is applying insights from threshold public good games to study climate change agreements.

Within the field of industrial organisation, I have long-standing research interests on issues related to leadership and research and development (R&D). My work has been published in Games and Economic Behavior, Mathematical Social Sciences and Manchester School. A current strand of work is looking at firm location choice in the presence of R&D spillovers.

Seifert, J., Cartwright, E., Cartwright, A. (2025) Cyber Risk Quantification and the Role of Markets. The economic cost of cybersecurity, forthcoming.

Meurs, T., Cartwright, E., Cartwright, A., Junger, M., & Abhishta, A. (2024). Deception in Double Extortion Ransomware Attacks: An Analysis of Profitability and Credibility. Computers & Security, 138, 103670.https://doi.org/10.1016/j.cose.2023.103670

Cartwright, A. and Cartwright, E. (2024) A classroom market experiment: Data and Reflections. Journal of Economic Education, 1-16.https://doi.org/10.1080/00220485.2024.2351853

Cartwright, A., Cartwright, E., Xue, L., & Hernandez-Castro, J. (2023). An investigation of individual willingness to pay ransomware. Journal of Financial Crime, 30(3), 728-741. https://doi.org/10.1108/JFC-02-2022-0055

Cartwright, A. and Cartwright, E. (2023) The economics of ransomware attacks on integrated supply chain networks. Digital Threats: Research and Practice, Volume 4, Issue 4, Article No. 56 (pp. 1-14).https://doi.org/10.1145/3579647

Cartwright A., Cartwright E., MacColl, J., Mott, G., Turner, S., Sullivan, J. and Nurse, J.R.C. (2023) How cyber-insurance influences the ransomware payment decision: theory and evidence. The Geneva Papers on Risk and Insurance - Issues and Practice, 48(2), 300-331. https://doi.org/10.1057/s41288-023-00288-8.

Cartwright, A., Cartwright, E., & Edun, E. S. (2023). Cascading information on best practice: Cyber security risk management in UK micro and small businesses and the role of IT companies. Computers & Security, 131, 103288. https://doi.org/10.1016/j.cose.2023.103288

Meurs, T., Cartwright, E. and Cartwright, A. (2023) Double-sided Information Asymmetry in Double Extortion Ransomware. In International Conference on Decision and Game Theory for Security (pp. 311-328). Cham: Springer Nature Switzerland.https://doi.org/10.1007/978-3-031-50670-3_16

Meurs, T., Cartwright, E. and Cartwright, A., Junger, M., Hoheisel, R., Tews, E. and Abhishta, A. (2023) Ransomware Economics: A Two-Step Approach To Model Ransom Paid. In 2023 APWG Symposium on Electronic Crime Research (eCrime), pp. 1-13. IEEE.https://doi.org/10.1109/eCrime61234.2023.10485506

Mott, G., Turner, S., Nurse, J. R., MacColl, J., Sullivan, J., Cartwright, A., & Cartwright, E. (2023). Between a rock and a hard (ening) place: Cyber insurance in the ransomware era. Computers & Security, 128, 103162.https://doi.org/10.1016/j.cose.2023.103162

Bhudia, A., Cartwright, A., Cartwright, E., Hernandez-Castro, J., & Hurley-Smith, D. (2023). Identifying Incentives for Extortion in Proof of Stake Consensus Protocols. In The International Conference on Deep Learning, Big Data and Blockchain (pp. 109-118). Springer, Cham.https://doi.org/10.1007/978-3-031-16035-6_9

Cartwright, E., Cartwright, A. (2022) Chapter 23: Behavioural public policy. De Gruyter Handbook of Contemporary Welfare States, 1, 389.https://doi.org/10.1515/9783110721768-023

Bhudia, A., Cartwright, A., Cartwright, E., Hernandez-Castro, J., & Hurley-Smith, D. (2022). Extortion of a Staking Pool in a Proof-of-Stake Consensus Mechanism. In 2022 IEEE International Conference on Omni-layer Intelligent Systems (COINS) (pp. 1-6). IEEE.https://doi.org/10.1109/COINS54846.2022.9854946

Hernandez-Castro, J., Cartwright, E. and Cartwright, A. (2020) An economic analysis of ransomware and its welfare consequences. Royal Society Open Science, 7(3), 190023.https://doi.org/10.1098/rsos.190023

Cartwright, A., and Cartwright, E. (2019) Ransomware and reputation. Games, 10(2), 26.https://doi.org/10.3390/g10020026

Cartwright, A., Cartwright, E., & Xue, L. (2019) Investing in prevention or paying for recovery - attitudes to cyber risk. In International Conference on Decision and Game Theory for Security (pp. 135-151). Springer, Cham.https://doi.org/10.3390/g10020026

Cartwright, E., Stepanova, A. and Xue, L. (2019) Impulse balance and framing effects in threshold public good games. Journal of Public Economic Theory, 21(5), 903-922.https://doi.org/10.1111/jpet.12359

Hernandez-Castro, J., Cartwright, E. and Stepanova, A. (2019) To pay or not: game theoretic models of ransomware. Journal of Cybersecurity, 5(1), tyz009.https://doi: 10.1093/cybsec/tyz009

Cartwright, E. and Stepanova, A. (2017) Efficiency in a forced contribution threshold public good game. International Journal of Game Theory, 46(4), 1163-1191.https://doi.org/10.1007/s00182-017-0570-1

Cartwright, E. and Stepanova, A. (2015) The consequences of a refund in threshold public good games. Economics Letters, vol. 134, issue C, pages 29-33.https://doi.org/10.1016/j.econlet.2015.05.032

Burr, C., Knauff, M. and Stepanova, A.(2013) On the Prisoner’s Dilemma in R&D with Input Spillovers and Incentives for R&D Cooperation. Mathematical Social Sciences 66:254-261.https://doi.org/10.1016/j.mathsocsci.2013.05.004

Cartwright, E. and Stepanova, A. (2012) What do Students Learn from a Classroom Experiment: Not much, Unless they Write a Report on it. Journal of Economic Education 43: 48-57.https://doi.org/10.1080/00220485.2012.636710

Stepanova, A. and Tesoriere, A. (2011) R&D with Spillovers: Monopoly Versus Noncooperative and Cooperative Duopoly. The Manchester School 79:125-144.https://doi.org/10.1111/j.1467-9957.2010.02185.x

Amir, R. and Stepanova, A. (2006) Second-mover advantage and price leadership in Bertrand duopoly. Games and Economic Behavior 55:1-20.https://doi.org/10.1016/j.geb.2005.03.004

Amir, R., Stepanova, A., Nannerup, N. and Eguiazarova, E. (2002) Monopoly Versus R&D-Integrated Duopoly, The Manchester School, 70, 88-100.https://doi.org/10.1111/1467-9957.00285