Financial firms are still confused on how to best manage information and measure risks, according to research from Datamonitor and RSA Security.

Most banks rely too much on IT for security and are overly confident in how effective security measures can be, according to a survey of IT directors and CEOs of top tier banks from UK, France, Germany, Italy, Spain, Belgium, Netherlands and Luxembourg.

Only 19% of banks recognised that perimeter security cannot be totally effective in protecting the banks’ information, stated the survey, which was released at RSA Security Conference Europe 2007.

Nearly half (47%) already focus on securing information over the perimeter. But only 43% understand the need to extend information security management to their data to partners, consultants and contractors.

Almost half of respondents admitted to be complying with regulations on a case-by-case basis, rather than with a strategic approach. A mere 32% were comfortable that IT security is not managed in silos anymore.

While banks are aware of the importance of managing information at a strategic level, in practice, European banks are confused on the best way to do so, concluded Martha Bennett, research directory, financial services, Datamonitor.

“It is imperative that financial institutions do more to address information security risk, and to approach Information Risk Management at the enterprise level.”

Bennett added: “In my experience, IT people take an IT-centric approach. Many claimed they know what information is kept and who has access to it. They are overly confident that they have a view of the structure of information, because of the measures put in place after Basel II and the data protection act; they can audit what information they have and where it is. However if you were to ask them how many of these people extract this information on to an Excel spreadsheet and then mail it or print it to distribute it, they may be unaware of this.”

Conversely, Bennett claimed CEOs tend to be overly confident in the IT security.

RSA Conference Europe opened today in London, with a keynote speech from Art Coviello, executive vice president, EMC and president, RSA. The conference, which runs until Wednesday, brings together security experts, vendors and end-users from throughout Europe.