Security Management: Real versus Perceived Risk of Commercial Exploitation of Social Media Personal Data

This paper covers one of the issues in Security Management, which is that people react more on their perceived risk rather than on their real risk. Previous researches on Risk Homeostasis Theory have demonstrated that users’ behavior is driven by perceived risk rather than accepted risk. The present work is designed to be the first one to consider that users’ behavior is a mix between perceived risk and accepted risk. This research defines two dimensions of risk analysis and we have designed a Real and Perceived Risk Test (RPRT) measuring Prudent vs. Risky behavior and feeling safe vs. at Risk; then this work introduces the idea that there are four types of personality depending on the perceived degree of risk and the real and accepted degree of risk: Conscious, Paranoiac, Unconcerned, and Paradoxal (CPUP). We have applied the RPRT on a specific breach of data privacy: the commercial exploitation of social media personal data. We have managed a survey on 18-24 year old students in order to understand their awareness on privacy. As findings of the RPRT, we have identified several factors such as that data sharing level is independent from the Real exposed risk; but dependent from the Perceived Risk, yet the factor of data disclosing level is independent from the Perceived risk but dependent from Real risk and finally that the use of Social Media sign on is dependent from both the Real and the Perceived risk.