European Conference on Information Systems ECIS 2027
Register

Cybersecurity and privacy in the age of AI

Track 8

Track chairs

Marko Niemimaa
University of Agder

Jonna Järveläinen
University of Jyvaskyla

Nina-Birte Schirrmacher
University of Sydney

Track description

Cybersecurity and privacy continue to fill the news, and organisations and individuals are overwhelmed by rapidly evolving threats. The accelerated development and diffusion of artificial intelligence (AI) have intensified this landscape. AI not only augments defensive capabilities but also enables malicious actors to scale, automate, and personalise attacks with unprecedented sophistication. From convincing AI-generated phishing and social engineering campaigns to the automated discovery and exploitation of vulnerabilities, organisations and individuals face new forms of risk and unseen volume of attacks that challenge existing security assumptions and practices. These developments also put privacy at risk, as individuals share sensitive information with AI agents, and as AI becomes increasingly capable of processing data in ways that may, for instance, enable de-anonymisation.

These developments unfold within complex and interdependent configurations of technologies, organisational practices, and human actors that form the security infrastructures for both defence and offense. As these infrastructures become more intricate, new points of weakness and exposure emerge that are difficult to anticipate or govern. Simultaneously, longer-term technological innovations, such as quantum computing, further destabilise security and privacy foundations. In parallel, impersonation and deception campaigns continue to compromise not only financial resources but also sensitive personal data. Within this context, employees are often portrayed as sources of risk or the “weakest link”, yet their behavior emerges within broader organisational sociotechnical arrangements that shape the conditions in which it unfolds.

Addressing these challenges requires approaches that go beyond purely technical solutions. We need sociotechnical(/sociomaterial) perspectives that engage with how AI reshapes risk, security practices, and human roles in cybersecurity. Such approaches should not only aim to protect organisations but also safeguard individuals’ privacy, rights, and agency. As cybersecurity is not a simple linear chain but a network of interdependencies, solutions must integrate technological, organisational, and human dimensions across contexts.

We call for submissions that provide sociotechnical approaches to cybersecurity and privacy in a landscape shaped by AI, emerging technologies, and evolving threats. We welcome studies employing diverse methodological approaches (e.g., qualitative, quantitative, design science) addressing cybersecurity and privacy within and across organisational boundaries. Relevant topics include information security policy compliance, economic perspectives, human behavior, training and awareness, and security culture. On privacy, we invite work on privacy calculus, user behavior in the face of AI-enabled threats, and evolving privacy concerns.

We further invite submissions that examine the dual role of AI in cybersecurity, both as a protective mechanism and as a source of new risks, and encourage research that take value-reflexive and contrarian perspectives to interrogate the assumptions and values embedded in current security and privacy paradigms for the betterment of the world.

Finally, we welcome traditional IS security research that does not include an AI component. However, submissions must adopt a sociotechnical perspective; purely technical or AI solutionfocused papers without engagement with organisational, social, or human dimensions are outside the scope of this track. We give precedence to submissions that make a distinctive contribution through original theorising, innovative framing, or engagement with evolving cybersecurity
challenges.

Topics of interest

  • (Gen)AI/ML for cybersecurity and privacy, and cybersecurity in AI
  • Adoption and use of emerging security technologies and approaches (e.g., Zero Trust, Security by Design), and critical analysis of their organisational implications
  • Corporate security strategies, governance, and compliance in cybersecurity and privacy, within and across organisational boundaries
  • Critical, contrarian, and value-reflexive research on current cybersecurity and privacy themes, including problematising the current role of humans in security and privacy
  • Cybersecurity beyond organisational boundaries (e.g., interorganisational cybersecurity, supply chain cybersecurity)
  • Cybersecurity inclusivity and accessibility
  • Cybersecurity and privacy risk analysis and management (including standards and standardisation of cybersecurity management)
  • Design and development of cybersecurity and privacy-enhancing technologies, tools, and methods
  • Empowering humans in security and privacy, for example through gamification
  • Human behavior and user-centric cybersecurity and privacy, including security education, training, and awareness (SETA) programs, and information security culture
  • Infrastructures and cybersecurity
  • Interdependent and group privacy
  • Privacy calculus, privacy concerns, and identity theft and deception in online communication
  • Security and privacy of platforms, devices, and applications
  • Business continuity, cyber/digital resilience, and Cyber Security Incident Response Management

Associate Editors

Hadi Ghanbari
Aalto University, Finland

Duong Dang
University of Vaasa, Finland

Peter Bednar
University of Portsmouth, UK

Shuyan Metcalfe
Florida State University, US

Karin Hedström
Örebro University, Sweden

Paolo Spagnoletti
LUISS, Italy

Alaa Nehme
Mississippi State University, USA

Obi Ogbanufe
University of North Texas, USA

Sarfraz Iqbal
Linnaeus University, Sweden

Hwee-Joo Kam
University of Tampa, USA

Sean Maynard
The University of Melbourne, Australia

Thomas Widjaja
University of Passau, Germany

Christine Abdalla Mikhaeil
IÉSEG School of Management, France

Martin Brehmer
University of Augsburg

Tero Vartiainen
University of Vaasa, Finland

Hanna Paananen
University of Jyväskylä, Finland

Naomi Woods
University of Jyväskylä, Finland

Joakim Kävrestad
Jönköping School of Engineering, Sweden

Miloslava Plachkinova
Kennesaw State University, USA

Chen Zhong
The University of Tampa, USA

Shwadhin Sharma
California State University Monterey Bay, USA

Michaela Trierweiler
Johannes Kepler Universität Linz

Jean-Loup Richet
IAE Paris Sorbonne Business School, France

Andreas Eckhardt
University of Innsbruck, Austria

Edona Elshan
Vrije Universiteit Amsterdam, Netherlands

Mohammad Rezazade Mehrizi
Vrije Universiteit Amsterdam, Netherlands

Copyright © University of Luxembourg 2026 (all rights reserved)

Interdisciplinary Centre for Security, Reliability and Trust