59
Chapter 4
Understanding Risk and
Risk-Taking Behavior
in Virtual Worlds
Fariborz Farahmand
Purdue University, USA
Eugene H. Spafford
Purdue University, USA
ABSTRACT
Virtual worlds have seen tremendous growth in recent years. However, security and privacy risks are
major considerations in different forms of commerce and exchange in virtual worlds. The studies of
behavioral economics and lessons from markets provide fertile ground in the employment of virtual
worlds to demonstrate and examine behaviors. In this chapter, we address user and organizational concerns about security and privacy risks by exploring the relationships among risk, perception of risk, and
economic behavior in virtual worlds. To make their interaction more effective, we recommend organizations to understand perceptions of risk in virtual worlds and then implement policies and procedures to
enhance trust and reduce risk. Such understanding depends in turn on the multidisciplinary nature of
cyber security economics and online behavior.
INTRODUCTION
The rich domains of virtual worlds provide new
environments, new economies and new institutions. Gartner (2009) has predicted that by the
end of 2011 80% of active internet users would
have a second life in a virtual world and that
major enterprises will find value in participating in these venues. These numbers indicate that
human interaction with the virtual is expected to
DOI: 10.4018/978-1-61520-891-3.ch004
approach some of the extremes seen in popular
science fiction works such as True Names (Vinge
1981) and Halting State (Stross 2007).
However, activities in virtual worlds, as in
any other online environment, can be associated
with risks and uncertainties. Gartner Group lists
information technology risks, identity and access
management concerns, loss of confidentiality,
brand and reputation damage, and productivity
reduction as issues facing corporations in dealing
with virtual worlds (Gartner 2007). The European Network and Information Security Agency
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
Understanding Risk and Risk-Taking Behavior in Virtual Worlds
(ENISA) and Arakji and Lang (2007) list 14 and
7 (respectively) categories of risks associated with
virtual worlds. But, how can users and corporations evaluate these risks and the effectiveness
of corresponding mitigation mechanisms? What
actually motivates people to risk time and actual
money in virtual worlds? Finding answers to these
questions is essential for managing risks in virtual
worlds. This chapter presents a basic overview of
perceptions of risk in virtual worlds by different
stakeholders and how they may respond to these
risks. In particular, we explore some of the factors
that may influence the risk evaluations that corporations may make when deciding involvement in
virtual worlds. We also explain companies that are
planning to operate in the virtual worlds need to
understand the roles of trust and risk and should
monitor user perceptions in order to understand
their relation to risk aversion and risk management.
DEFINING RISK
For us to understand the human behavior in virtual worlds, an explicit and accepted definition
of risk is essential; however, the definition of
risk is inherently controversial. When planning
some course of action, people tend to evaluate
issues of cost and benefit against the possibility of
losses and adverse consequences. Those potential
losses and adverse consequences are known as
risk. Knight (1921) made his famous distinction
between risk and uncertainty by explaining that
risk is ordinarily used in a loose way to refer to
any sort of uncertainty viewed from the standpoint
of an unfavorable contingency, and uncertainty
similarly with reference to favorable outcomes.
Understanding and measuring risk enables people
to choose prudent courses of action and make appropriate investments in protection and mitigation.
In classical decision theory, risk is most commonly conceived as reflecting variation in the distribution of possible outcomes, their likelihoods,
and their subjective values (March and Shapira,
60
1987). Risk is measured either by nonlinearities in
the revealed utility for money or by the variance
of the probability distribution of possible gains
and losses associated with a particular alternative
(Pratt 1964, Arrow 1965) --i.e., distorted valuation or irregular risk perception by individuals.
Fischhoff et al. (1984) argues that values regarding the relative importance of different possible
adverse consequences for a particular decision
can change with the changes in the decision
maker, the technologies considered, or the decision
problem. Fischoff and his co-authors developed a
framework showing how these value issues can
be systemically addressed while considering the
sources of controversy in defining risk.
PRIVACY RISKS
Virtual worlds are commonly perceived as being
completely separate from the real lives of their
users and therefore immune to the privacy risks
posed by other emerging platforms such as social
networks (ENISA 2008). However, representing
a user as an avatar—the computer representation
of the user—is not that different from any other
form of online persona – users are free to present
as accurate or inaccurate a picture as they choose.
This may expose virtual world users to many
kinds of privacy risks, (e.g., identity disclosure).
Certain characteristics of the avatar owner can
be guessed with reasonable accuracy based on
statistical analysis. For example, a survey of the
2001 fantasy game Everquest, with 889 users,
showed that only 2.5% of female users and 15.7%
of male users had played characters of the opposite
gender. Thus, using these figures, if an avatar in
this game is male, his owner is very likely to be
male (84.3% of males and 2.5% of females will
play a male character, and male gamers generally
vastly outnumber females) (Yee 2001).
According to ENISA (2008) many service
providers implement extensive mining features
within their gaming environment to detect anoma-
11 more pages are available in the full version of this document, which may
be purchased using the "Add to Cart" button on the publisher's webpage:
www.igi-global.com/chapter/understanding-risk-risk-taking-behavior/49517
Related Content
Performance of Mobility Protocols
Sherali Zeadally and Farhan Siddiqui (2008). Encyclopedia of Internet Technologies and Applications (pp.
398-406).
www.irma-international.org/chapter/performance-mobility-protocols/16881/
Adaptive Transmission of Multimedia Data over the Internet
Christos Bouras, Apostolos Gkamas, Dimitris Primpas and Kostas Stamos (2008). Encyclopedia of Internet
Technologies and Applications (pp. 16-22).
www.irma-international.org/chapter/adaptive-transmission-multimedia-data-over/16828/
Co-Operative Load Balancing in Vehicular Ad Hoc Networks (VANETs)
G. G. Md. Nawaz Ali and Edward Chan (2013). Security, Design, and Architecture for Broadband and
Wireless Network Technologies (pp. 251-273).
www.irma-international.org/chapter/operative-load-balancing-vehicular-hoc/77423/
A Theoretical Approach to Evaluate Online and Traditional Trading on th NASDAQ Stock
Exchange
Haroun Alryalat, Yogesh Kumar Dwivedi, Jasna Kuljis and Ray J. Paul (2006). Internet Strategy: The Road
to Web Services Solutions (pp. 67-85).
www.irma-international.org/chapter/theoretical-approach-evaluate-online-traditional/24663/
UI Patterns Support on RIAs Development
(2015). Frameworks, Methodologies, and Tools for Developing Rich Internet Applications (pp. 140-188).
www.irma-international.org/chapter/ui-patterns-support-on-rias-development/117382/