RSA® CONFERENCE 2004, SAN FRANCISCO, CA.— A study released today by RSA Security Inc. (NASDAQ: RSAS) exposed a wide gap between consumers’ awareness of identity theft and their perceived ability to protect against it. The same research showed that, despite heightened concerns, the majority of consumers continue to use weak password management practices that can greatly contribute to increased vulnerability to identity theft. “Although government, financial services institutions and the security industry have taken great steps over the past year to increase awareness of identity theft and encourage better security practices among consumers, organizations still need to go further if they want to see an increase in consumer confidence toward online business,” said John Worrall, vice president of worldwide marketing at RSA Security. “Consumers must feel confident and safe when making online transactions – otherwise, businesses will never realize the cost savings and revenue potential of the Internet.”

Identity Theft Awareness and Feelings of Safety
The study, conducted for the second year in a row by Opinion Research Corporation and commissioned by RSA Security, was initiated to compare attitudes, perceptions and security practices of consumers today to their opinions one year ago. More than 1,000 consumers were asked a variety of questions relating to awareness of security issues, feelings of safety, and use of available safeguards against identity theft and computer attacks.

When asked the question “How informed are you about identity theft issues now when compared to a year ago,” 63 percent of respondents considered themselves “More Informed.” However, of those in this category, 49 percent do not consider themselves any safer, and 26 percent consider themselves more vulnerable than they did in 2003. Only 18 percent of respondents felt safer this year than they did during the same period last year, and of that number, more than half attributed the increase to their own personal safeguards, while fewer than 30 percent cited security technology enhancements or changes in bank policies and procedures. “Awareness of identity theft is certainly the first step, but businesses clearly have a long way to go if they want consumers to feel protected,” added Worrall.

Passwords a Key Area of Vulnerability
According to the survey, some vulnerability comes as a result of poor management of PINs and passwords for access to online services, desktop computer systems, ATMs and other electronic services. Nearly two in three respondents (63 percent) use fewer than five passwords for all electronic information access, and more than one in ten (15 percent) use only one password for everything. “Consumers are under the false impression that passwords provide enough security to protect personal information,” said Worrall. “Forward-looking organizations that have a large number of people accessing electronic information – whether they are customers, employees or partners – are recognizing that more reliable forms of authentication are critical for securing important information, including personal information and corporate assets.”

For example, earlier this week, RSA Security announced that it is working with Microsoft Corp. to deliver stronger security for Microsoft® Windows® enterprise customers by replacing static passwords with strong, two-factor authentication. In addition, the RSA SecurID® two-factor authentication solution is being adopted by financial institutions and e-businesses to provide customers and partners with more secure access to electronic information. “We’re at the leading edge of a trend toward widespread replacement of passwords with better authentication methods,” said Worrall. “The growth of this trend will help bridge the gap between consumer awareness of identity theft and actual protection against it.”

Other findings in the study:
• Consumers are less willing to provide online merchants with personal information now than they were a year ago. In 2003, 35 percent indicated a reluctance to provide personal information to online merchants, compared with 44 percent this year.

• The impact of physical security threats such as terrorism, 9/11 and the war in Iraq have less effect on consumer awareness of security issues today than they did in 2003, while at the same time, impact of information threats such as identity theft, global computer viruses and Spam are having more effect.

• Consumers believe that primary responsibility for identity theft protection falls on individuals and their financial institutions. When asked the question “Which of the following are ‘Very Responsible’ for protecting you against identity theft,” 65 percent listed themselves, 53 percent listed banks/financial institution, 29 percent cited law enforcement, 27 percent named Federal government and 24 percent listed merchants (more than one response was permitted).

Survey Methodology
The nine-question survey on consumer attitudes, perceptions and security practices was conducted nationwide, by telephone, with 1,022 adults from January 29-February 1, 2004 by Opinion Research Corporation. The margin of error is plus or minus three percent for results based on the entire sample. ***NOTE TO MEDIA: A full copy of the survey results can be obtained by sending an email to pr@rsasecurity.com.