The scale of electronic crime is incalculable because of inadequacies in the reporting system, according to the European Union's IT security unit.

Ronald de Bruin, head of the cooperation and support department at the European Network and Information Security Agency (Enisa), told this year's ISSE security event in Madrid that the IT crime problem has been exacerbated by the reluctance of firms to report breaches.

He also maintained that some of the organisations to which companies are supposed to report breaches are biased.

"We have to accept living with uncertainty about the size of the problem, but we should be aware of the nature of the risks," de Bruin said.

"We have launched a three-year programme to create trust and confidence with decision makers through a better insight into emerging risks."

De Bruin explained that Enisa will look to build up an authoritative view of the nature of threats facing firms today by building on the data collection initiatives already in place in member states.

"The aim is that, by 2010, 30 stakeholders from 15 member states will point to us as a reference for this," he said.

De Bruin also highlighted the importance of member states sharing best practice. "Let's be frank, some member states are more equipped than others," he said.

"We strongly believe that they should all support each other by sharing information in order to get the balance back."