Adversarial Evolution: Competing dynamics and reactive institutional forms in financial services ecosystem Paolo Spagnoletti 1,2 , Federica Ceci 3 and Andrea Salvi 2 1 Department of Information Systems, University of Adger, Kristiansand, Norway 2 Department of Business and Management, Luiss University, Rome, Italy 3 Department of Economics and Management, G. D’Annunzio University, Pescara, Italy Abstract In this paper we conceptually illustrate the adversarial evolution of cybercrime and cybersecurity operations in financial services ecosystem. Building upon the concept of organizational morphing and ecosystem formation, we aim to reconstruct the parallel and conflict-driven evolution of the bright and dark side of financial services. Firstly, we identify five phases from the late 90s to the post-2015 period that show the paired configuration in the morphing of the two opposing sides. Secondly, we propose a conceptual model for digital ecosystems evolution based on the mutual influence of conflicting actors. This paper is a first foundational work towards a broader instantiation of generativity through adversarial evolution of digital ecosystems. Keywords 1 Cybersecurity, Cybercrime, Ecosystems, Financial Services, Innovation 1. Introduction Financial cybercrimes seek profit through misappropriation of value in the financial services ecosystem. Such misappropriation is carried out through the malicious use of digital technologies and it is substantiated into criminal activities such as ransomware and phishing [1], [2]. Therefore, malicious actors master and exploit digital technologies as vectors misappropriation of value. These processes are continuously evolving and produce new forms of cybercrime at an extremely fast pace. This is the output of what some authors called outlaw innovation [3]. As Huang et al [4] puts it “to combat cybercrimes in an effective way, we not only need to develop technical solutions to protect against attacks but also need to understand the structure of the business of underground cybercrime and its development”. To fully appreciate the complexity of the dark – and criminal – side of financial ecosystems one should take into account the effects of such activity onto the “bright side” and vis-à-vis the opportunity it offers. Criminal activities in this domain have proliferated over the last decades, thanks to the diffusion of online banking and the widespread usage of electronic transfers of financial resources [5]. To create a safeguard against these ever-mutating malicious actions, also the bright side have evolved, adopting a variety of tactics, techniques and procedures, both at operational and strategic level [6], [7]. This brief contribution extends the studies over the link between the evolution of cybercrime and cybersecurity institutions in a digital service ecosystem, i.e., the financial sector. We build upon the observation that there is a linkage between innovations in the bright and in the dark side [3] and we attempt to show how that produces “conflict-driven” evolution. We show how the reiterated contacts between the bright and dark side of an ecosystem results in observable changes in technical innovations and in the evolution of the institutional forms adopted by the actors. We therefore propose the two I TASEC21 Post-conference proceedings, April 07–09, 2021, Italy EMAIL: pspagnoletti@luiss.it (A. 1); f.ceci@unich.it (A. 2); asalvi@luiss.it (A. 3) ORCID: 0000-0003-1950-368X (A. 1); 0000-0002-6998-8534 (A. 2); 0000-0002-3583-0114 (A. 3) © 2020 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (CEUR-WS.org) CEUR Workshop Proceedings http://ceur-ws.org ISSN1613-0073