The Workshop on the Economics of Information Security was established in 2002 to bring together computer scientists and economists to understand and improve the poor state of information security practice. WEIS was borne out of a realization that security often fails for non-technical reasons. Rather, the incentives of both - fender and attacker must be considered. Earlier workshops have answered questions ranging from?nding optimal levels of security investement to understanding why privacy has been eroded. In the process, WEIS has attracted participation from the diverse?elds such as law, management and psychology. WEIS has now established itself as the leading forum for interdisciplinary scholarship on information security. The eigth installment of the conference returned to the United Kingdom, hosted byUniversityCollegeLondononJune24-25,2009.Approximately100researchers, practitioners and government of?cials from across the globe convened in London to hear presentations from authors of 21 peer-reviewed papers, in addition to a panel and keynote lectures from Hal Varian (Google), Bruce Schneier (BT Co- terpane), Martin Sadler (HP Labs), and Robert Coles (Merrill Lynch). Angela Sasse and David Pym chaired the conference, while Christos Ioannidis and Tyler Moore chaired the program committee.