The risk-management decisions of social-networking members: A quantitative correlational study

Users of social-networking Web sites must find a balance between functionality and security. Information-systems risk-management theory can be used to define the process of choosing a level of risk tolerance to achieve this balance. The dilemma between the desire to belong to social networks and the inherent security risks represents a risk-management decision all social-networking users must responsibly consider. Personal information is posted within virtual communities as a normal activity of social interaction; however, users typically seek to protect their personal information from "hackers." The need of social-network members to interact within online virtual communities while concurrently maintaining the security of their personal information was researched in this study. The purpose of the research was to examine the relationship between user commitment to virtual communities and their IT threat-avoidance behavior. Survey instruments developed and validated by Gupta and Hee-Woong (2007), as well as Liang and Xue (2010), were used in the study. An aim behind the research was to determine the significance of the relationships between 13 variables involved in the risk-management decisions of Facebook members. Data were collected using a panel of the online survey service through which the combined research instrument was administered; 327 respondents completed the instrument during the 2-day data-collection period. A statistical computer software was employed to estimate the fit of the data with the Structural Equation Modeling (SEM) and an adjusted model was created. The results did not support the hypothesis that social-network members link their commitment to virtual communities with their IT threat-avoidance behavior when balancing functionality with security. No relationships were found between user commitment to virtual communities and their perceived susceptibility to malicious IT attacks, their perceived severity of malicious IT attacks, their related avoidance behavior, nor the functional usefulness of virtual communities. User avoidance behavior associated with malicious IT attacks was also found to be unrelated to the system quality of virtual communities.