Personal data holds great potential to benefit commerce and society, but, at the institutional level, concerns are rising over the risks associated with data access, ownership, privacy and confidentiality. The main purpose of this project is to investigate whether and how these institutional concerns are reflected in the perceptions of individual users. This proposal will establish a new programme of research in digital economy by understanding how individual subjective perceptions of users with regard to cybersecurity relate to organizational and institutional views on cybersecurity. By gaining this understanding we seek to develop new business models which would allow businesses to minimize individual perceptions of vulnerability with regard to issues of privacy, security, and trust. We propose that individual subjective vulnerability with regard to cybersecurity issues is an important factor which impact upon business models and the development of digital economy. We consider vulnerability from three perspectives: 1) An individual's perspective of their own vulnerability; 2) The perspective of the entity the individual is interacting with in the digital domain (which could be another individual, or a business); and 3) The institution that is tasked to regulate and protect all entities within the system (e.g., the state, regulatory body, etc.). All three entities are likely to assess individual vulnerabilities in different ways and would have a separate sets of trade-offs against the risks. An individual considers the trade-off between the choice/freedom to use a service against the risk of being vulnerable. A business, on the other hand, approximates individual's vulnerability and makes an assessment of risk which is important for its business model in order to trade off revenues and provide additional service to mitigate that risk to the extent that it would pacify the user and the regulator. Finally, from a state point of view, the aggregation of a large numbers of users creates a complex system of data sharing which bears a systemic risk that may result in individual vulnerabilities which are hard to quantify and manage. Proposed project will implement "in-the-wild" strategy in order to: (i) Measure individual vulnerability with regard to cybersecurity issues using different contexts and taking into account individual heterogeneity; (ii) Using these context-dependent measure, propose new business models which would mitigate perceptions of cybersecurity risks; (iii) Suggest tools for policy makers and regulators to decrease cybersecurity risks via bridging the gap between subjective vulnerability of users and objective vulnerability measured by businesses and other institutions.