Business leaders are grossly underestimating their firms' reliance on the internet and the risks of web-based threats, according to Paul Twomey, president of internet oversight body Icann.

Speaking at the UK launch of a new risk management guide for chief executives and directors compiled by the British-North American Committee (BNAC), Twomey argued that C-level executives in many companies still lack a basic understanding of information security and the risk of intellectual property loss via web-based attacks.

"People tend to focus on spam, phishing and other things because they're on the desktop, but how many people pay attention to corporate espionage?" he said. "The internet environment is an ecosystem and most networks are in private hands. The private sector really needs to own that responsibility."

The security of the supply chain is another are of risk for firms which is being neglected by business leaders, said Twomey.

The BNAC's Risk Management Primer for CEOs and Directors, which was officially launched today, is designed to offer C-level executives advice on the nature of risks facing their organisation and how to best mitigate them by building in resilience, said Twomey.

It features tips on how to create an information security culture and a removable information security checklist detailing the questions chief executives should be asking of their information and legal professionals.

"It's critical to be proactive, go thorough the checklist and secure your systems because by the time law enforcement gets in it's too late," argued Mark Bullock, legal attaché to the US Embassy.